Endpoint Protection

Hi, I have two users with the same issue as this one posted in 2008

https://www-secure.symantec.com/connect/forums/endless-risk-notifications-quarantine-folder

Do not see any answers posted though.

We are running SEP11 but have upgraded from SAV10

Is it ok to delete these quarantine folders to clear these notifications.

Clients continue to get Symantec popup notifications of a threat.

thank you

If it is detected by sep it means it has got definitions , what version of SEP 11 are you using as fas as i know there was tmp file issue which were getting qurantined and detected as virus by sep and was fixed by later build of SEP . Kindly try upgrading sep ie only these 2 users and check how it goes

Alternatively make sure to submit these files to SRL team . Open up an ticket with support on how to submit files they should be able to help you

Isolate these machines if you think its a Threat unless these are deleted sucessfully by SEP

Make sure to implement latest definitions from SEP .jdb should do this and scan the machine

However i truly think Upgrading SEP should do work for you.

Yes, you can delete the quarantined files.

delete the file and use the latest version of sep.

thanks Swapnil, Brian81 and pete for the information. I believe this is a good fix. I had previously upgraded one of these machines to sep12.  This stopped the autoprotect notifications immediately.  However, shortly after installing sep 12, I ran microsoft safety scanner, and it was still finding a threat in the path noted above.  Today, I looked at this workstation and the path was no longer there at all (I had never deleted it).  I ran mss again and it found no infections.  So it looks like the upgrade has resolved this issue. 

Do you know if upgrading to sep12 deletes this folder path?  c:\programdata\symantec\SRTSP\Quarantine

Incidentally, we use MSS because sep11 (which is our current corporate standard) does not catch all threats.  Do you know if SEP12 does a better job?

Thanks again for your prompt responses!!!

Using 2 different antivirus products on the same system is counterproductive. This will cause the system to become slow and possibly unresponsive as both products fight with one another.

12.1 uses a new reputation feature which will identify poor or unknown files. Plus the scan engine is much quicker.

I would advise using SEP and then using a second opinion malware scanner to back it up.

Hi Brian, thanks for the info.  Agreed, it is not a good idea to use 2 anti virus programs at once.  They fight!!

MSS does not interfere with SEP though.  You download it and run it as a one time scan.  It finds a lot of threats that SEP does not find.  We have actually found MSS to be more effective than malware bytes, which we used to use quite a bit up until about a year ago.  We found it wasn't catching threats like it used to.  We also use kaspersky's TDS killer in circumstances when we suspect a rootkit.  We have had good success with MSS so far so will continue to use it until it stops working!

Regards...

Not necessarily the found threats by MSS are actually threats , i would suggest please check the name of files being detected as threat by MSS on virus total or any other free virus check website. SEP preferred not because i am using it but the definitions release is very good along with false positive rate is almost low for SEP compared to MSS. MSS can be good scanning tool however not good to use in corporate networks for me at least .

Hi Swapnil, true, we have found that MSS does flag Dameware client as a virus sometimes but hasn't caused any issues with it.  We have SEP11 running in the background but still, threats get through, so we use MSS to clean them up.  As well, I think you are right, I don't think the threats found in the Quarantine folder are active - and upgrade to sep12 seems to resolve the issue.