
Symantec still running amok on itself?

Updated: 22 May 2010 | 3 comments
Jason1222

As you can see, ALL in the ..\Symantec Endpoint Protection\Xfer\*.tmp files
Thing is, it's only 1 machine, 1658 times....

All in the quarantine... 

Comments

Beppe, 28 Jul 2009

Hi,

this issue should be resolved in MR4 MP2.
Here is the workaround I know:

1.) If the client computer is running Windows XP, disable "System Restore" as KB: http://www.symantec.com/security_response/writeup....

2.) Restart the computer in Safe Mode

3.) Stop SEP services
"Symantec Endpoint Protection" from START -> RUN -> services.msc
"Symantec Management client" with command START -> RUN -> smc -stop

4.) Delete the folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\"
(in newer installations: "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\")

5.) Delete all .tmp files in folder "c:\windows\temp\"

Important: empty the recycle bin...

6.) Restart SEP services (same as point 3, except "smc -start")

7.) Run a full-scan

8.) Restart the computer in normal mode and, if no new alerts of malware/virus detection are shown, enable "System Restore" as from step "1"

Regards,

Giuseppe
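
Steps 3 to 6 of the workaround above as a PowerShell script. This is an added example, not part of the original comment and not a Symantec tool. The folder paths, the service display name and the smc switches are the ones quoted in the comment; that smc.exe is on PATH, the parameter names and the report location are assumptions.

```powershell
# Added example: steps 3-6 of the workaround. Run elevated, in Safe Mode (step 2).
# Run with -WhatIf first: nothing is stopped or deleted, only the report is written.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Folder paths and service display name as quoted in the comment above.
    [string[]]$XferDirs = @(
        'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer',
        'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer'
    ),
    [string]$TempDir    = 'C:\Windows\Temp',
    [string]$SepService = 'Symantec Endpoint Protection',
    [string]$Smc        = 'smc.exe',                           # assumption: smc.exe is on PATH
    [string]$Report     = "$env:USERPROFILE\xfer-cleanup.csv"  # hypothetical report location
)

# Inventory everything that will be removed, so a record survives the cleanup.
$xferFiles = @()
foreach ($dir in $XferDirs) {
    if (Test-Path -LiteralPath $dir) {
        $xferFiles += @(Get-ChildItem -LiteralPath $dir -Recurse -Force |
                        Where-Object { -not $_.PSIsContainer })
    }
}
$tempFiles = @()
if (Test-Path -LiteralPath $TempDir) {
    $tempFiles = @(Get-ChildItem -LiteralPath $TempDir -Filter '*.tmp' -Force |
                   Where-Object { -not $_.PSIsContainer })
}
@($xferFiles) + @($tempFiles) | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation -WhatIf:$false
Write-Host ("{0} xfer file(s), {1} temp file(s) listed in {2}" -f $xferFiles.Count, $tempFiles.Count, $Report)

# Step 3: stop the SEP service and the management client.
if ($PSCmdlet.ShouldProcess('SEP services', 'Stop')) {
    Stop-Service -DisplayName $SepService -Force
    & $Smc -stop
}
# Step 4: delete the xfer folder(s) that exist on this installation.
foreach ($dir in $XferDirs) {
    if (Test-Path -LiteralPath $dir) { Remove-Item -LiteralPath $dir -Recurse -Force }
}
# Step 5: delete the .tmp files in the Windows temp folder (locked files are reported, not fatal).
$tempFiles | Remove-Item -Force -ErrorAction Continue
# Step 6: restart what step 3 stopped.
if ($PSCmdlet.ShouldProcess('SEP services', 'Start')) {
    Start-Service -DisplayName $SepService
    & $Smc -start
}
```

Remove-Item deletes without going through the Recycle Bin, so the reminder to empty it only applies to files deleted by hand. Steps 1, 2, 7 and 8 remain manual.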

Jason1222, 28 Jul 2009

Don't use System Restore

I keep clean images of all my machines up to date monthly.  So I do not use System Restore at all.
In my startup scripts and logon files, I have something that runs with every logon, as I deploy my software through the TEMP folder...

That is:

- RD /S /Q c:\temp
- cmd /c mkdir c:\Temp
- cacls c:\temp /E /T /G everyone:F

Basically, this ensures that the TEMP folder is deleted completely.  Then recreates a new one, which as a flaw from M$ automatically inherits its rights from the parent folder.  Once the folder is removed and recreated, on next boot up it will not have the rights to be deleted.  So the next line indicates to modify the access control list of the folder c:\temp and grant full rights to everyone on the folder.  So that at next reboot, the folder can again be purged and recreated.

* * * * *

The clients are all on the latest build of MR4 MP2 and the only difference with this machine is it is in 64 bit.  Amongst many many others.  None of these machines have internet access and none of them have access to removable media.  

Why, all of a sudden, today of all days, does this one system decide that all of the *.tmp files in Symantec's folder are viruses and downloaders?  

 

Beppe, 28 Jul 2009

Hi,

unfortunately, to find the root of this issue you have to call the support.
To just fix it, you should try to apply my suggestion that already resolved similar cases.
To collect more info on this issue you can search for Xfer in this forum.

Regards,

Giuseppe