Endpoint Protection

 View Only

  • 1.  Bloodhound.PDF.20

    Posted Feb 28, 2012 04:53 AM

    I cannot get rid of Bloodhound.PDF.20. I’ve performed a Live Update of my Endpoint Protection then run a full scan as suggested here: http://www.symantec.com/security_response/writeup.jsp?docid=2010-011922-0125-99&tabid=3, but it did not help. Some program keeps generating a .tmp file in my AppData/Local/Temp folder, e.g. DWHC18B.tmp. The Endpoint Protection Notification window is always up: "Security risk found" and the file is moved to quarantine. Please help me get rid of this.

    Best regards,
    Janos



  • 2.  RE: Bloodhound.PDF.20

    Broadcom Employee
    Posted Feb 28, 2012 05:56 AM

    delete all the .tmp files. Upgrade the SEP client to the latest version.



  • 3.  RE: Bloodhound.PDF.20

    Posted Feb 28, 2012 06:15 AM

    Hi Pete,

    Unfortunately, I cannot upgrade SEP, it is not my own pc, not my decision which version to use. (All I can do is to update the virus definitions, which I did.)

    That's what I'm doing: after removing all items that I can from the AppData/LocalTemp folder and a reboot, SEP remains silent for a while, then the notifications come again. (I also serched for all the files listed here: http://www.symantec.com/security_response/writeup.jsp?docid=2000-121911-5753-99, but did not find any of them on my pc.)

    Thanks,
    Janos
     



  • 4.  RE: Bloodhound.PDF.20

    Posted Feb 28, 2012 06:19 AM

    Hi Janos,

    If those DWH files are only appearing the the Temp directory, then it's most likely that you are seeing a product issue rather than an infection.  The following articles contain additional information.

    When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect
    Article: TECH102953 | Created: 2007-01-19 | Updated: 2012-02-09 |
    Article URL http://www.symantec.com/docs/TECH102953
     

    Defwatch temp files are re-detected in temp folder
    Article: TECH138856   |  Created: 2010-08-31   |  Updated: 2011-01-22   | 
    Article URL http://www.symantec.com/docs/TECH138856

    DWH***.tmp files are detected in the user profile temp directory.
    Article: TECH92399   |  Created: 2009-01-16   |  Updated: 2012-02-06   | 
    Article URL http://www.symantec.com/docs/TECH92399


     Updating to the latest available SEP will resolve several of the underlying causes and reduce the number of DWH "detections."

    Please do update this thread to confirm if this matches what you are seeing!