SEP problems

Discussion in 'Software' started by daldrich, Dec 24, 2011.

  1. daldrich

    daldrich Private E-2

    Just finished cleaning this system. SEP keeps detecting Trojan in its own quarantine directory. System appears to be clean now, but this makes me worry.

    Trojan.Gen.2 APQ25.tmp c:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\ Infected 12/22/11 2:46 PM

    Trojan.Gen.2 4ef326ea.tmp C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\ Infected 12/22/11 12:37 PM

    Trojan.Gen 4EF326E8.TMP C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\ Infected 12/22/11 12:37 PM

    Thanks,
    -d
     
  2. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

  3. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    I do not know what version of SEP you are running. I found this old thread while searching for what xfer means.
    http://www.symantec.com/connect/forums/tmp-files-issue-xfer-folder
    This post seemed promising
    You might want to read the thread to see if anything there is useful.
     
  4. thomas_symantec

    thomas_symantec Private E-2

    This is a known issue with SEP detecting .tmp files as a trojan.


    Quarantine scan causes Auto-Protect detections in %temp% folder
    Fix ID: 1525749

    Symptom: DWHWizard.exe starts the quarantine scan and moves quarantined files into the %temp% folder for scanning. Auto Protect will occasionally detect these infected files.
    Solution: After extracting and re-scanning each quarantine item, the TMP file is deleted unless the state is now REPAIRABLE. Repairable files are used later, either to restore to the original location or to save back to Quarantine (REPAIR_ONLY mode). These files should be clean, so Auto-Protect should not detect anything in them.


    DWHxxxx.tmp files are scanned and re-detected when new definitions arrive or during a scheduled scan
    Fix ID: 1925607
    Symptom: DWHxxxx.tmp files are scanned and re-detected when new definitions arrive or during a scheduled scan.
    Solution: After extracting a quarantined item to a temp file, the file is deleted immediately after it is processed.

    Upgrading to the latest (SEP 11 RU7 MP1) version will resolve this issue.

    See the Symantec Endpoint Protection release notes for more details.

    http://www.symantec.com/business/support/index?page=content&id=TECH103087&key=54619
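
A triage sketch for the pattern described in this thread, as an added example that is not from the thread or from Symantec: it parses detection lines in the layout daldrich posted and separates hits on .tmp files inside SEP's own Quarantine/xfer folders, and on DWHxxxx.tmp files in a temp folder, from everything else. The line layout, the regexes, the labels and the last two sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Layout assumed from the detections quoted in this thread:
# risk name, file name, folder, status, date and time.
LINE = re.compile(
    r"^(?P<risk>\S+)\s+(?P<file>\S+)\s+(?P<folder>[A-Za-z]:\\.*\\)\s+"
    r"(?P<status>\w+)\s+(?P<when>\d{1,2}/\d{1,2}/\d{2}\s+\d{1,2}:\d{2}\s+[AP]M)$"
)
# Folders SEP writes to itself: its Quarantine store and the xfer folder.
SEP_FOLDER = re.compile(r"\\Symantec\\(.*\\)?(Quarantine|xfer)\\$", re.I)
# DWHxxxx.tmp working copies that the quarantine rescan extracts to a temp folder.
DWH_TEMP = re.compile(r"^DWH[0-9A-Za-z]+\.tmp$", re.I)
TEMP_FOLDER = re.compile(r"\\te?mp\\$", re.I)

def classify(line):
    """Return (file, label) for one detection line, or None if it does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    name, folder = m["file"], m["folder"]
    if name.lower().endswith(".tmp") and SEP_FOLDER.search(folder):
        label = "sep-own-folder"      # hit inside SEP's own storage
    elif DWH_TEMP.match(name) and TEMP_FOLDER.search(folder):
        label = "sep-rescan-temp"     # working copy from the quarantine rescan
    else:
        label = "investigate"         # does not fit the known issue
    return name, label

def triage(lines):
    """Classify every parsable line and count the labels."""
    results = [r for r in map(classify, lines) if r]
    return results, Counter(label for _, label in results)

# First three lines are the detections quoted in the thread;
# the last two are constructed for contrast.
SAMPLE = [
    r"Trojan.Gen.2 APQ25.tmp c:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine\ Infected 12/22/11 2:46 PM",
    r"Trojan.Gen.2 4ef326ea.tmp C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\ Infected 12/22/11 12:37 PM",
    r"Trojan.Gen 4EF326E8.TMP C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\ Infected 12/22/11 12:37 PM",
    r"Trojan.Gen.2 DWH1A2B.tmp C:\Documents and Settings\user\Local Settings\Temp\ Infected 12/22/11 3:10 PM",
    r"Trojan.Gen.2 setup.exe C:\Documents and Settings\user\Desktop\ Infected 12/22/11 3:15 PM",
]

if __name__ == "__main__":
    for name, label in triage(SAMPLE)[0]:
        print(f"{label:16} {name}")
```

A label other than `investigate` only means the path and file name fit the known issue; it does not show that the original infection was fully removed.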
     
