Well what do you know - a document that acknowledges the problem, but not a clue as to the FIX............
Number 3 we did as a test, NO difference. We can't leave it that way, we'd be in big trouble........
Removing application control would open us up very wide since I've got stuff in there that blocks things that SEP misses - those rogue BHOs and other items that like to install in user profile areas, including Google's garbage, including their junk browser that breaks all the rules installing into a profile area instead of the program files area.
If I recall, I did try #2 many months ago - the issue is, I can't "experiment" because that means I have to disable our policies, re-enable opplocking, restart the server, see how many folks scream and lose documents, then if there are any that continue to have the problem, disable opplocking again and reboot the server for it to take effect.
Since we are effectively banned from OT, etc. - AND I can't reproduce this in a lab, it's very random and unpredictable - it's got to be done during production hours with real people and real documents.. We're in a big catch situation here. It's like we have to know there is a fix, and not test it, just apply it knowing it will work. Tests just don't work. I have never seen the issue myself with my computers or documents, and some folks don't see it every day. At least though there's proof that it's a known issue! Just no "fix" yet other than disabling security! And if that's the case, why not just uninstall SEP, put SAV back on and get all your performance back, and keep your documents from being deleted? LOL - Naw - we'll live for now with the big performance hit for having opplock and thus server-side caching off but in a secure environment, hoping that someday, there will be a real fix. I have to have something really in hand before I can declare a "test day" again because this has become a really really big "political" here with reputations on the line.
-----------------------------------------------------------------------------------
Question/Issue:
When saving Word files onto network share folder after editing, the error "Word cannot complete the save due to a file permission error" appears, and the file fails to save.
Solution:
As workarounds, you can choose each one of the following ways to solve the issue:
1. Disable Application and Device Control policy, which has been applied onto clients.
2. Check the applied "Application and Device Control" policy and make sure all rules of "application control" have been disabled. Meanwhile, you can enable device control.
3. Change the permission of shared folders to "Full Control" for remote users.
Document ID: 2009051916471148
Last Modified: 09/22/2009
Date Created: 05/19/2009
Operating System(s): Windows XP Professional Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition
Product(s): Endpoint Protection 11
Release(s): Endpoint Protection 11.0.4