Endpoint Protection Small Business Edition

  • 1.  SEP 12.1 and the DWH###.TMP files

    Posted Aug 22, 2011 08:44 AM

    Hi,

     

    I was wondering if anyone has come across this issue where Endpoint 12.1 is scanning and quarantining the temp files with names that start with DWH.

    I did some looking around but everything that I have seen is related to SEP 11 RU6 and was said to be fixed in the RU6 MR2 update.

     

    I had to go in on one machine and manually remove all these temp files. But seeing as it's starting to show up on other clients as well, is there a fix for it? Or is one coming?



  • 2.  RE: SEP 12.1 and the DWH###.TMP files
    Best Answer

    Trusted Advisor
    Posted Aug 22, 2011 10:18 AM

    Hello,

    This issue seems to be resolved, as I haven't come across any such cases with Symantec Endpoint Protection 12.1 detecting DWH###.TMP files.

    Were these SEP 12.1 clients upgraded from SEP 11?

    http://www.symantec.com/docs/HOWTO55365

    The above article explains how to clear disk space before upgrading SEP 11 to SEP 12.1.

    The actual cause was with SEP 11, where the files were created by the Symantec Endpoint Protection or Symantec AntiVirus Quarantine scan. This scan is normally initiated by a virus definition update.

    The quarantine scan on virus definition update can be disabled: edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".



  • 3.  RE: SEP 12.1 and the DWH###.TMP files

    Posted Aug 22, 2011 12:44 PM

    Yes, the machines were upgraded from SEP 11.

    I know we are rolling this out to some other clients as well, so I will double check to be sure that most of those users have nothing in the quarantine.



  • 4.  RE: SEP 12.1 and the DWH###.TMP files

    Posted Aug 29, 2011 10:40 AM

    Well, these DWH files are back again, and on a machine that we have cleaned them off of.

    Any reason why they are back? Or why they showed up in the first place?

    | Computer | User | IP Address | Risk | Risk Type | Risk Count | Date Time | Group | Action | Source | File / Entry |
    |---|---|---|---|---|---|---|---|---|---|---|
    | MOCOWS07 | SYSTEM | 192.168.1.104 | Bloodhound.MalPE | Malware | 1 | 08/29/2011 08:55:54 | My Company\MOCO Computers | Quarantined | Scheduled scan | c:\documents and settings\jcormier\local settings\temp\dwh101e.tmp |
    | MOCOWS07 | SYSTEM | 192.168.1.104 | Trojan.Gen | Malware | 1 | 08/29/2011 08:55:52 | My Company\MOCO Computers | Quarantined | Scheduled scan | c:\documents and settings\jcormier\local settings\temp\dwh101d.tmp |
    | MOCOWS07 | SYSTEM | 192.168.1.104 | Bloodhound.MalPE | Malware | 1 | 08/29/2011 08:55:50 | My Company\MOCO Computers | Quarantined | Scheduled scan | c:\documents and settings\jcormier\local settings\temp\dwh101c.tmp |
    | MOCOWS07 | SYSTEM | 192.168.1.104 | Bloodhound.MalPE | Malware | 1 | 08/29/2011 08:55:48 | My Company\MOCO Computers | Quarantined | Scheduled scan | c:\documents and settings\jcormier\local settings\temp\dwh101b.tmp |



  • 5.  RE: SEP 12.1 and the DWH###.TMP files

    Posted Sep 30, 2011 02:58 PM

    I just did a SEP 12.1 upgrade and I'm getting the same issue also.

    At least on machines that were upgraded from v 11.



  • 6.  RE: SEP 12.1 and the DWH###.TMP files

    Posted Oct 21, 2011 11:48 AM

    We have just had SEP 12.1 installed (not an upgrade) and we have a client bloodhound.malPE continually checking and finding DWH###.  It seems to never stop.  It is affecting the performance of the client's computer.  Any thoughts?
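
An added example, not part of any post in this thread: a Python triage over risk-report rows like those in post 4, splitting each computer's detections into DWH temp-file hits and everything else so the repeating pattern stands apart from other detections. The pipe-delimited layout, the function names and the last two sample rows are constructed for illustration, and the pattern assumes the "###" is hexadecimal, as in the file names reported above.

```python
import re
from collections import defaultdict

# Assumption: "DWH###.TMP" means "dwh" + hex digits + ".tmp" directly inside a
# Temp folder, matching the names reported in the thread (dwh101b.tmp ... dwh101e.tmp).
DWH_TEMP = re.compile(r"\\temp\\dwh[0-9a-f]+\.tmp$", re.IGNORECASE)

# First four rows are taken from the report in post 4 (columns reduced to
# computer|risk|date time|source|path). The last two rows are constructed.
SAMPLE = r"""
MOCOWS07|Bloodhound.MalPE|08/29/2011 08:55:54|Scheduled scan|c:\documents and settings\jcormier\local settings\temp\dwh101e.tmp
MOCOWS07|Trojan.Gen|08/29/2011 08:55:52|Scheduled scan|c:\documents and settings\jcormier\local settings\temp\dwh101d.tmp
MOCOWS07|Bloodhound.MalPE|08/29/2011 08:55:50|Scheduled scan|c:\documents and settings\jcormier\local settings\temp\dwh101c.tmp
MOCOWS07|Bloodhound.MalPE|08/29/2011 08:55:48|Scheduled scan|c:\documents and settings\jcormier\local settings\temp\dwh101b.tmp
EXAMPLE-PC|Trojan.Gen|08/29/2011 09:10:00|Scheduled scan|c:\users\example\downloads\setup.exe
EXAMPLE-PC|Trojan.Gen|08/29/2011 09:10:02|Scheduled scan|c:\users\example\local settings\temp\dwhelper.tmp
"""

FIELDS = ("computer", "risk", "when", "source", "path")


def parse_rows(text):
    """Turn pipe-delimited report lines into dicts, skipping blank lines."""
    return [dict(zip(FIELDS, line.strip().split("|")))
            for line in text.splitlines() if line.strip()]


def triage(rows):
    """Per computer, separate DWH temp-file detections from all other detections."""
    result = defaultdict(lambda: {"dwh_temp": [], "other": []})
    for row in rows:
        bucket = "dwh_temp" if DWH_TEMP.search(row["path"]) else "other"
        result[row["computer"]][bucket].append((row["risk"], row["path"]))
    return dict(result)


if __name__ == "__main__":
    for computer, buckets in triage(parse_rows(SAMPLE)).items():
        print(f"{computer}: {len(buckets['dwh_temp'])} DWH temp hits, "
              f"{len(buckets['other'])} other detections")
        for risk, path in buckets["other"]:
            # Anything outside the DWH pattern still needs normal investigation.
            print(f"  review: {risk} {path}")
```

The constructed `dwhelper.tmp` row shows why the match is anchored to hex digits: a look-alike name in the same Temp folder stays in the "other" bucket.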