Endpoint Protection

 View Only

  • 1.  Users create .tmp files from mails

    Posted Oct 31, 2012 06:11 AM

    Hello all,

    weve updated Symantec Endpoint to version 12.1.1 MP1 a few weeks ago.

    Ever sinds we are having a strange  phenomenon, the users (who work on a RDP server) are creating .TMP (no filename) files on different places.

    If you open the .TMP files you can see a mail inside, so outlook is making copies of certain mails to disk and names them .tmp??

    I haven't found a pattern yet.

     



  • 2.  RE: Users create .tmp files from mails

    Posted Oct 31, 2012 10:46 AM

    What directory is this being created in?

    Can you share a screenshot?



  • 3.  RE: Users create .tmp files from mails

    Trusted Advisor
    Posted Oct 31, 2012 11:49 AM

    Hello,

    This is indeed strange...

    Could you let us know from which version did you migrate to Symantec Endpoint Protection to version 12.1.1 MP1?

    Is there any other Antivirus on the machine?

    Any particular reason, you feel this could be occured due to Symantec Endpoint Protection?

    I would suggest you to create a case with Symantec Technical Support,

    How to create a new case in MySupport

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    Phone numbers to contact Tech Support:-
     
    Regional Support Telephone Numbers:
    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000
     
    Hope that helps!!


  • 4.  RE: Users create .tmp files from mails

    Posted Nov 01, 2012 03:48 AM

    The files appear in the users document folder and on the network shares. I have a feeling it has something to do with opening or adding attachments in outlook.

    list of files yesterday and today

    =

    D:\Network>dir /s ".tmp" | FIND "31-10-2012" | sort

    31-10-2012  07:43            19.065 .TMP
    31-10-2012  08:25             7.702 .TMP
    31-10-2012  09:17             6.836 .TMP
    31-10-2012  09:34            12.012 .TMP
    31-10-2012  09:54             6.580 .TMP
    31-10-2012  09:59            10.144 .TMP
    31-10-2012  10:26            14.127 .TMP
    31-10-2012  18:34            15.165 .TMP
     
    D:\Network>dir /s ".tmp" | FIND "01-11-2012" | sort
    01-11-2012  07:55             8.441 .TMP
    01-11-2012  08:20             6.285 .TMP
    01-11-2012  08:27             9.519 .TMP
    01-11-2012  08:31             6.357 .TMP
    =
     
    There isnt any other virusscanner on the machine.
    We feel Symantec Endpoint is having a share because 
    1. this started after the upgrade
    2. sometimes the files stay away for a couple of days, and after we reboot the server containing the symatnec management console the files start appearing again
     
    i dont have any clou yet to when the files stop being created.
     
    i wil have a look at creating a MySupport ticket, tx!