Type the following command in Command Prompt. The commands will vary based on operating system, so choose the command that is appropriate for your computer. If the client is installed somewhere other than the default location, please be sure to change the path for the files and folders in the commands below. The instructions below are for a standard installation. Please contact Technical Support and ask for this utility if you would like to use it. Symantec also has a tool called SymDelTmps which can help delete the temporary files on a machine that is difficult to work with. #Symantec endpoint protection definitions folder too large windowsIf the quarantine, temporary directories, or xfer_temp folders have gotten too big for Windows to open or clear the contents, it may be necessary to do this from a command prompt. Restart in safe mode, delete *.DWH files in the temporary folder, and empty the quarantine folder. In the right-hand panel, on the Cleanup tab, under Quarantined Files, check Enable automatic deleting of quarantined files that could not be repaired (default: Delete after 30 days) and Delete oldest files to limit folder size at: (default 50 MB).Ĭlick Ok and, if needed, assign the policy.Įnsure that no processes or services (such as Windows Indexing Service for example) can access or monitor SAVCE or SEP files.Įnsure that the "%TEMP%" folder is not open when virus definitions are updated. In SEP 12.1 versions, this policy will be called Virus and Spyware Protection and Quarantine will be under Advanced Options. Under "When New Virus Definitions Arrive" choose Do nothing". Open the Antivirus and Antispyware policy > Windows Settings > Quarantine > General Disable rescanning of the local quarantine upon receipt of new virus definitions. #Symantec endpoint protection definitions folder too large how toPlease see Migrating to Symantec Endpoint Protection (RU7 MP2) or Upgrading or migrating to Symantec Endpoint Protection (RU1 MP1) for details on how to apply this update.īased on the severity of the detections, there are some known workarounds that should resolve the issue. #Symantec endpoint protection definitions folder too large updateThe issue of multiple DWH files being created and retained has been improved in SEP 11 Release Update 7 Maintenance Patch 2 (RU7 MP2) and SEP 12.1 RU1 MP1. Additionally, it will be treated as a suspect file and quarantined, resulting in a duplicate file being added to the local quarantine.įinally, as each definition set is received by the SEP or SAVCE client and the local quarantine is re-scanned, the above process repeats, and the contents of the local quarantine are doubled. This results in an already quarantined and infected file getting re-scanned. This will cause the file to be seen as a "new" file and un-trusted. However, if a third-party process accesses that file while it is being created, the SEP Auto Protect function will intercept this file access and will declare the file as un-trusted because another process, possibly malicious, had accessed the file. Normally, this temporary file will not be scanned by the SAVCE/SEP Auto Protect function because SEP is already handling the file, i.e. This is typically within the "%App Data%\Symantec\" folder, but in certain older builds of SEP and SAVCE, it may also use the windows "%TEMP%" folder. Consequently, the SAVCE/SEP client must extract the original file(s) from this quarantine packaging before it can be re-scanned.ĭuring this file extraction process, a temporary file - named DWHxxxx.tmp - is created in the working directory of the SAVCE/SEP client. When the files were originally quarantined, they were compressed and encrypted to ensure that the stored version cannot continue to infect the local machine. This enables the SAVCE/SEP client to inspect the files stored in the local quarantine and verify if any of them can be repaired with the updated AV signatures. When the virus definitions are updated in the Symantec Endpoint Protection (SEP) client or the Symantec AntiVirus Corporate Edition (SAVCE) client, there is an option to " Rescan the Quarantine".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |