Endpoint Protection

  • 1.  Trojan Gen2 issue

    Posted Dec 06, 2011 10:34 PM

    For the past few days I have been getting the following messages pretty much non-stop.

    Scan type: Auto-Protect Scan
    Event: Security Risk Found!
    Security risk detected: Trojan.Gen.2
    File: C:\Users\mander22\AppData\Local\Temp\DWH14CD.tmp
    Location: Quarantine
    Computer: VU46431
    User: mander22
    Action taken: Quarantine succeeded : Access denied

    They tend to come almost every 6 seconds or so. I'm running a full scan with SEP on Vista and it keeps coming up with filenames that begin DWH and it just keeps finding more and more of them in my temp folder; it's currently at about 700. The results box is reading as follows:

    Action: Quarantined

    Status: Infected

    Location: Quarantine

    Primary Action: Clean Security risk

    Action Description: The file was quarantined successfully.

    Any ideas on what I should do next? I'm not the most tech-savvy and input is much appreciated. Thank you



  • 2.  RE: Trojan Gen2 issue

    Broadcom Employee
    Posted Dec 06, 2011 11:24 PM

    What version of SEP are you using?

    The location shows it's DWH files, which is a known issue. Check this article:

    http://www.symantec.com/business/support/index?page=content&id=TECH92399

    There are several methods to work around the issue in previous builds:

     

    • The quarantine scan on virus definition update can be disabled: edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
    • Items in quarantine can be deleted.
    • If the indexing service is enabled it could be triggering the issue when the dwh***.tmp files are indexed.
    • Other software that are scanning the temp file for changes such as third party


  • 3.  RE: Trojan Gen2 issue

    Posted Dec 17, 2011 04:16 AM

    Hi, I am facing the same issue mentioned above and it is really getting to me!! It actually now pops up every 4 seconds. 

    I have updated the product, but still am having the same issue. 

    Symantec Endpoint Protection Version: 11.0.6200.754

    First pop-up:

     

    Scan type: Auto-Protect Scan
    Event: Risk Found!
    Security risk detected: Trojan.Gen.2
    File: C:\Users\ahamdan\AppData\Local\Temp\DWHB043.tmp
    Location: C:\Users\ahamdan\AppData\Local\Temp
    Computer: EMEA-AHAMDAN
    User: ahamdan
    Action taken: Pending Side Effects Analysis : Access denied
    Date found: 17 December 2011  13:12:36
     
    Followed by :
    Scan type: Auto-Protect Scan
    Event: Risk Found!
    Security risk detected: Trojan.Gen.2
    File: C:\Users\ahamdan\AppData\Local\Temp\DWHB043.tmp
    Location: Quarantine
    Computer: EMEA-AHAMDAN
    User: ahamdan
    Action taken: Quarantine succeeded : Access denied
    Date found: 17 December 2011  13:12:36


  • 4.  RE: Trojan Gen2 issue

    Broadcom Employee
    Posted Dec 17, 2011 07:30 AM

    It would be good if you upgrade to the SEP 12.1 RU 1 version. There are a couple of things mentioned on the forum that RU 6 MP1 still has issues.



  • 5.  RE: Trojan Gen2 issue

    Broadcom Employee
    Posted Dec 17, 2011 07:32 AM

    You can use these workarounds:

    There are several methods to work around the issue in previous builds:

     

    • The quarantine scan on virus definition update can be disabled: edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
    • Items in quarantine can be deleted.
    • If the indexing service is enabled it could be triggering the issue when the dwh***.tmp files are indexed.
    • Other software that are scanning the temp file for changes such as third party
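
A triage sketch for the alert flood described in this thread, added here as an example (not code from Symantec or from any poster): it parses alert text in the layout quoted above and separates repeats for `DWH*.tmp` files in a user's Temp folder from every other detection, so anything else stays visible for review. The name pattern, the Temp-folder check and the third sample alert are assumptions.

```python
import ntpath  # Windows path rules, regardless of the OS this runs on
import re
from collections import Counter

DWH_NAME = re.compile(r"^DWH\w+\.tmp$", re.IGNORECASE)  # assumption: shape of the names in the thread
TEMP_SUFFIX = "\\appdata\\local\\temp"

# Constructed sample: alerts 1-2 reuse fields quoted in the thread; alert 3 is invented.
SAMPLE = r"""
Security risk detected: Trojan.Gen.2
File: C:\Users\ahamdan\AppData\Local\Temp\DWHB043.tmp
Action taken: Pending Side Effects Analysis : Access denied

Security risk detected: Trojan.Gen.2
File: C:\Users\ahamdan\AppData\Local\Temp\DWHB043.tmp
Action taken: Quarantine succeeded : Access denied

Security risk detected: Trojan.Gen.2
File: C:\Users\ahamdan\Downloads\DWH1234.tmp
Action taken: Quarantine succeeded : Access denied
"""

def parse_alerts(text):
    """Split blank-line-separated 'Key: value' blocks into dicts."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "File" in fields:
            alerts.append(fields)
    return alerts

def is_dwh_temp(alert):
    """True only for DWH*.tmp directly inside a user's AppData\\Local\\Temp."""
    folder, name = ntpath.split(alert["File"])
    return bool(DWH_NAME.match(name)) and folder.lower().endswith(TEMP_SUFFIX)

def triage(text):
    """Return (Counter of DWH temp file names, alerts that still need review)."""
    noise, review = Counter(), []
    for alert in parse_alerts(text):
        if is_dwh_temp(alert):
            noise[ntpath.basename(alert["File"]).upper()] += 1
        else:
            review.append(alert)
    return noise, review

if __name__ == "__main__":
    noise, review = triage(SAMPLE)
    print(dict(noise), [a["File"] for a in review])
```

A `DWH`-named file outside the Temp folder, like the invented third alert, lands in the review list rather than being counted with the repeats.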