Endpoint Protection

  • 1.  W32.Virut! Gene

    Posted Oct 31, 2011 12:16 PM

    good

    I have Symantec version 11.0.4000. I ran a full scan and it found the following risk:

    W32.Virut! Gene in the following path: c:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\4af76655.tmp

    My question is whether the risk was actually found in this path, or was found in another one and put there.

     

    thanks



  • 2.  RE: W32.Virut! Gene

    Posted Oct 31, 2011 01:34 PM

    Hi

    To be honest with you, tmp files were a known issue with SEP.

    However, to avoid the risk, I would suggest you submit this file to the Analysis team at

    https://submit.symantec.com/gold. If the tmp file you have mentioned is infected, it will surely be identified and remediation will be given.



  • 3.  RE: W32.Virut! Gene

    Trusted Advisor
    Posted Nov 01, 2011 05:22 AM

    Hello,

    Indeed, the SEP you are using is an old version (in fact too old); check this: https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially.

    Since version 11.0.4000, there have been a couple of bug fixes performed on the Symantec Endpoint Protection software. Check the Release Notes: http://www.symantec.com/docs/TECH103087

    In your case, the file 4af76655.tmp does not seem to be a threat, but rather a bug from the previous version which is being detected as a threat.

    It is recommended that you follow either of the steps provided below:

    1) Migrate to the Latest Version of SEP 11.0.7101

    http://www.symantec.com/docs/TECH171552

    http://www.symantec.com/docs/TECH93590

    OR / AND

    2) Work on the Steps provided by myself in the given thread below:

    https://www-secure.symantec.com/connect/forums/trojangen2

     

    I am sure that may help you!!



  • 4.  RE: W32.Virut! Gene

    Broadcom Employee
    Posted Nov 01, 2011 06:44 AM

    Hi Julrendo,

    It was a known issue and was fixed in RU6 MP2.

    A large number of .tmp files builds up in the XFER folder
    Fix ID: 1675729
    Symptom: Many files build up in the XFER folder on a Symantec Endpoint Protection client.
    Solution: The Symantec Endpoint Protection client was modified to enhance extraction and clean up of XFER files.

    Please check release notes.
    http://www.symantec.com/business/support/index?pag...

    .tmp files are detected as a risk, and it's a false positive.

    Upgrading from 11.0.4000 (RU4) to SEP RU7 or SEP 12.1 will fix your issue.

    Check Symantec's description of this virus at the following link:

    http://www.symantec.com/security_response/writeup.jsp?docid=2007-041117-2623-99&tabid=3

    I hope it will answer your question !!



  • 5.  RE: W32.Virut! Gene

    Posted Nov 01, 2011 01:54 PM

    thank you very much

    Then I can delete these files without any problem.

     

    Thanks.



  • 6.  RE: W32.Virut! Gene

    Broadcom Employee
    Posted Nov 01, 2011 01:58 PM

    Yes, you can delete them.

    But if you didn't upgrade, the same files may regenerate.



  • 7.  RE: W32.Virut! Gene

    Posted Nov 01, 2011 02:09 PM
    Thank you very much.

    Sorry for so many questions, but I do not understand when you say "But if you didn't upgrade, the same files may regenerate"

    Thank you very much.


  • 8.  RE: W32.Virut! Gene
    Best Answer

    Broadcom Employee
    Posted Nov 01, 2011 02:13 PM

    Hi,

    As I said earlier it's a false positive.

    If you didn't upgrade, it may happen that .tmp files will be detected as a W32.Virut!

    So either ignore it or upgrade to the latest version.

    I hope it will clear your doubts.