Endpoint Protection

  • 1.  DWH file issue in SEP v11.0.7

    Posted Jul 11, 2012 08:42 PM

    Hi,

    I'm having an issue with my new installation of SEP v11.0.7 MP2; it gives me this error every morning:

     

    Scan type: Auto-Protect Scan
    Event: Risk Found!
    Security risk detected: Trojan.Gen
    File: C:\ProgramData\Symantec\DefWatch.DWH\dwhbb53.exe
    Location: C:\ProgramData\Symantec\DefWatch.DWH
    Computer: AdminLaptop01
    User: SYSTEM
    Action taken: Pending Side Effects Analysis : Access denied
    Date found: Thursday, July 12, 2012  10:18:00 AM
     
    Can anyone please advise what to do?


  • 2.  RE: DWH file issue in SEP v11.0.7

    Posted Jul 11, 2012 09:02 PM

    Stop the SEP service and delete the files.



  • 3.  RE: DWH file issue in SEP v11.0.7

    Posted Jul 11, 2012 09:09 PM

    Which file to delete?

    Do I just

    smc -stop, then

    delete, then

    smc -start?



  • 4.  RE: DWH file issue in SEP v11.0.7

    Posted Jul 11, 2012 09:58 PM

     

    https://www-secure.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder

    Note the explanation by Ryan_Dasso.

    You can also find a workaround by Mithun Sanghavi posted on the last page of this thread.

    Doing a search of the forum, you will also find other posts on it.



  • 5.  RE: DWH file issue in SEP v11.0.7

    Broadcom Employee
    Posted Jul 12, 2012 03:51 AM

    Hi Dushan Gomez,

    Please check this article:

    DWH***.tmp files are detected in the user profile temp directory

    http://www.symantec.com/docs/TECH92399

    These detections do not indicate a new outbreak of a threat.  The .tmp files are created by the Symantec Endpoint Protection (SEP) or Symantec AntiVirus (SAV) Quarantine scan. The scan is normally initiated by a virus definition update.

    There are also several known methods to work around the issue:

    • The quarantine scan on virus definition update can be disabled in the Symantec Endpoint Protection Manager (SEPM): edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
    • Items in quarantine can be deleted.
    • If the indexing service is enabled it could be triggering the issue when the dwh***.tmp files are indexed.
    • Investigate other applications that are scanning the temp file for changes.

      I hope it helps.

     



  • 6.  RE: DWH file issue in SEP v11.0.7
    Best Answer

    Broadcom Employee
    Posted Jul 12, 2012 04:12 AM

    Hi,

    Also, you can refer to this article:

    When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

    http://www.symantec.com/docs/TECH102953
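
Added example, not part of the thread and not Symantec's own tooling: a Python triage helper that parses notifications in the format shown in the opening post and labels Auto-Protect hits on DWH working files, the pattern replies 5 and 6 attribute to the quarantine rescan. The filename and folder patterns are assumptions generalised from the one path in the post and the TECH92399 title, and the second sample event is constructed.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: the first block is the notification from the opening
# post; the second is a made-up detection elsewhere for contrast.
SAMPLE = r"""
Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen
File: C:\ProgramData\Symantec\DefWatch.DWH\dwhbb53.exe
Computer: AdminLaptop01
User: SYSTEM

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Trojan.Gen
File: C:\Users\alice\Downloads\invoice.exe
Computer: AdminLaptop01
User: alice
"""

# Assumed patterns, generalised from the thread: DWH-prefixed working files
# in a DefWatch.DWH folder, or DWH*.tmp in a Temp directory.
DWH_NAME = re.compile(r"^dwh[0-9a-z]+\.(exe|tmp)$", re.I)
DWH_DIR = re.compile(r"\\(DefWatch\.DWH|Temp)$", re.I)

def parse_events(text):
    """Split blank-line-separated 'Key: value' blocks into dicts."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if fields:
            events.append({k.strip(): v.strip() for k, v in fields.items()})
    return events

def triage(event):
    """Label a detection as a likely quarantine-rescan artifact or not."""
    path = event.get("File", "")
    on_access = event.get("Scan type", "").startswith("Auto-Protect")
    if on_access and DWH_NAME.match(basename(path)) and DWH_DIR.search(dirname(path)):
        return "likely-quarantine-rescan"
    return "investigate"

def triage_all(text):
    return [(e.get("File"), triage(e)) for e in parse_events(text)]

if __name__ == "__main__":
    for path, verdict in triage_all(SAMPLE):
        print(f"{verdict:26} {path}")
```

A "likely-quarantine-rescan" label is a triage hint to confirm against the time of the last definition update; anything else goes through normal investigation.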



  • 7.  RE: DWH file issue in SEP v11.0.7

    Posted Aug 16, 2012 03:08 AM

    Thanks for all of your responses, guys.