Endpoint Protection

I know there have been a number of threads concerning these folders, but I do not want to delete the folders themselves. What I noticed today during a search on my computer for a specific document (PDF) was that copies of this document were stored in the folder folders:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Cached Installs

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Cached Installs

I then discovered that copies of every document I have saved to my Desktop\Downloads folder (this is where I save anything I download directly from the net) since updating from SEP 11 to SEP 12.1.1000.157 RU1; that is, some EXE files, but mostly Word and PDF documents, and thus nothing to do with installations. Between the two folders I have 10GB of material that I have either saved elsewhere or deleted.

I am presuming that I can simply delete these copies (but not other items in these folders or the folders themselves). Is there a setting in locally managed SEP to stop what seems to be an automatic backup of files in my Desktop\Downloads folder? Thanks.

I have just found that none of these files can be deleted.

yep, you should not be deleting the files.

I understand that there are files in these folders that shouldn't be deleted, but these folders are now full of .DOC, .PDF and other documents that have nothing to do with the installation of anything. It seems that files downloaded from the net to Desktop\Downloads have been automatically backed up in thse folders. It is these unwanted backups that I want to delete, as they occupy several GB and are no longer required. Is there a way to at least temporarily allow the deletion of files from this folder? And then some way to stop creating copies of future downloads?

You may compare with another machine where SEP is also installed, to identify files that you may/may not delete. The best would probably be to simply uninstall SEP client, purge these folders, then reinstall SEP.

By the way, you should be able to delete Cached Install content if you are connected as admin and if Tamper protection is disabled. To disable Tamper Protection via SEPM, please follow these steps:

1. Open Symantec Endpoint Protection 12.1
2. Click on "Change Settings"
3. Next to Client Management, click on "Configure Settings"
4. Select the "Tamper Protection" tab
5. Un-check "Protect Symantec security software from being tampered with or shut down"
6. Click on OK
7. Close Symantec Endpoint Protection 12.1

(source: http://www.symantec.com/docs/TECH166129)

To disable Tamper Protection locally via Client GUI, open the SEP 12.1 client, clickChange settings, click Configure Settings (next to Client Management), click Tamper Protection, remove the checkmark from "Protect Symantec security software from being tampered with or shut down", and click OK.

(source: http://www.symantec.com/docs/TECH104758)

You will need to find out as well why such files (not related to SEP) were backup there (backup solution in place? wrong system variable, for instance Cached Install folder defined as user temporary folder? any script?).

Thank you for the speedy replies! I successfully removed most of the files as explained in the first part of your message; for the time being I have been conservative and removed only the PDF and DOCX files that had puzzled me; in any case, this reduced the folder size from 4GB to 247MB.
 

The second part remains a puzzle. My back-ups are manually initiated images to external disks (no scripts, schedules etc.). I'll keep an eye on the Cached Instals folder for a while to see if anything new turns up.

Thanks for the assistance.