Virus being detected in the quarantine folder of the Symantec Endpoint Protection client APQ*.tmp
search cancel

Virus being detected in the quarantine folder of the Symantec Endpoint Protection client APQ*.tmp

book

Article ID: 154864

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Detections occur over and over in C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\

SEP Scan Log contains entries similar to:

 

[date][time] Detection action on an anomaly taken Manual scan Administrator c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq1211.tmp

[date][time] Detection action on an anomaly taken Manual scan Administrator c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq1211.tmp

[date][time] Detection action on an anomaly taken Manual scan Administrator c:\documents and settings\all users\application data\symantec\srtsp\quarantine\apq1212.tmp

 

 

Cause

These detections do not indicate a new outbreak of a threat.  The .tmp files are created by the Symantec Endpoint Protection (SEP) Quarantine scan.   
 
 

Resolution

Upgrade to the latest available release of Symantec Endpoint Protection to avoid the conditions which lead to these detections.

If an upgrade is not immediately possible:

  1. Go into the Virus and Spyware  Protection Policy
  2. Select Quarantine
  3. For the setting When New Virus Definitions Arrive select to Do Nothing.

In some other very specific situations with other 3rd party AV products interacting with Symantec Endpoint Protection the only other workaround available is creating a scanning exception for this folder path for either the 3rd party AV product or SEP: C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\SRTSP\Quarantine.

 

 

Powered by Wolken Software