Hello,

Please see attached file, the Symantec always pop-up detected virus, I used Symantec full scan and NOD32 online scan still cannot found, what I can to do for this issue ?

Thanks.

It's know issue.

You can upgrade latest SEP 12.1.4.

DWH***.tmp files are detected in the user profile temp directory

http://www.symantec.com/docs/TECH92399

When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

http://www.symantec.com/docs/TECH102953

the screenshot has detections.

the file is located under temp folder, can you delete the file if its not required.

Also run Symhelp for load point diagnostics.

Hello,

How can I exculde this path ?

See

When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

DWH***.tmp files are detected in the user profile temp directory.

do not exclude the temp folder, delete the files.

Hi,

Backdoor.Trojan is a detection name used by Symantec to identify malicious software programs that share the primary functionality of enabling a remote attacker to have access to or send commands to a compromised computer.

As the name suggests, these threats are used to provide a covert channel through which a remote attacker can access and control a computer. The Trojans vary in sophistication, ranging from those that only allow for limited functions to be performed to those that allow almost any action to be carried out, thus allowing the remote attacker to almost completely take over control of a computer.

I would suggest to refer technical write up of Backdoor.Trojan.

http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99&tabid=3

Follow the steps here to remove.

This is a known issue with SEP and these are false positives so to speak

Hello

I can't see  Quarantine in our SEP 11, please see attached image.

Thanks

You can do this on server side not sep client.

Yes, found it, but still detecting the  Quarantine .

Can I delete the C:\Users\Administrator\AppData\Local\Temp\2\notes2AE250 folder ?

And can I exculde this path ?

You can't exclude this path

Hello all,

What I can to do now ?

Thanks

Did you follow the steps for deleting the quarantine I posted above?

I have done Solution part, but it won't work.

meaning it won't delete? is an error being thrown?

Yes

no error

Did you try to disable tamper protection

We are using SEP 11.x, tamper protection is on SEP 12.x?

In SEPM 12.x tamper protection default on but SEPM 11.x you can enable below way.

To enable or disable Tamper Protection:

1. In the main window, in the sidebar, click Change Settings.
2. Beside "Client Management", click Configure Settings.
3. On the "Tamper Protection tab", check or uncheck Protect Symantec security software from being tampered with or shut down.
4. Click OK.

http://www.symantec.com/business/support/index?page=content&id=TECH102688

Hello,

I can't see the "Tamper Protection tab" in "Client Management" > Configure Settings (SEP version is 11.0)

Thanks

Anyone can help ?

Thanks

Have you not seen this setting ?

Are you using SEP ?

In SEPM Console..

http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/c291bf8d5d97b5f68025736200576f9d?OpenDocument

Found it, it is checked.

Hello,

What I can do now ?

Thanks

Anyone can help?

Hello all,

No one cal help this issue ?

You can uncheck that setting and try to remove logs

The problem fixed, thanks.

Please update your thread (Mark as Solution).If multiple post help you please select "Request split solution" option.

Hi,

This is not a right solution please update which comments best help you..

The solution needs to be marked here please

where

Once you unmark the current selection, you will then have the ability to mark whichever ones helped.

You can select which comments best help you