Endpoint Protection


DWH files

  • 1.  DWH files

    Posted Jul 05, 2010 03:13 PM
    DWH.... I see these come up all the time as Bloodhound.Exploit.292, Adware.Gen, or Trojan.Malscript!html. I have searched Google extensively for info regarding this. The only thing it ever points to is Symantec software screwing up and detecting a filename/type that the Antivirus engine/definition updater created during the update process. Am I supposed to create a group exception for these file types? Every week I get tonnes of false positive detections on this filename/type... I believe that creating exceptions would then potentially allow a real threat through. Symantec, what is the fix for this? This is not a new issue, please do not respond as though it sounds like it is. Just to help those out reading this... the file location is something like this: C:\WINDOWS\Temp\DWH(random letter)(random number)(random letter)(random number).tmp


  • 2.  RE: DWH files

    Posted Jul 05, 2010 03:48 PM
    There has been a lot of discussion about this; below are a few other threads related to DWH files.

    Web URL: https://www-secure.symantec.com/connect/forums/dwhtmp-files-being-quarantined-viruses

    Web URL: https://www-secure.symantec.com/connect/forums/dwh-trojan-symantec-cant-remove-it

    Web URL: https://www-secure.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder


  • 3.  RE: DWH files

    Posted Jul 05, 2010 04:16 PM
    Yes yes... I have read all three of those threads before. This issue was brought up in 10.x.... We are now running your latest and greatest 11.0.6 version... How do we resolve this issue from the server side rather than using manual client-side band-aid fixes like the other threads suggest... Do the engineers not take customer product suggestions seriously? 10.x and now 11.x... Mudit, none of those suggestions assist me in resolving this issue. Am I supposed to make an exception for the three virus types these TMP files create as a temporary UNSAFE workaround?


  • 4.  RE: DWH files

    Posted Jul 06, 2010 07:44 AM
    Hi Puzzled,

    Many thanks for the query.  Symantec engineers have continued to investigate and additional instances where these DWHxxx.tmp files are detected have been identified.  The next release, SEP 11 RU6 MP1, will contain enhanced code to better deal with these instances. 

    There is no definite ETA for this new release, but I expect it will be available within a month. I'll make a note to update this forum thread when MP1 is posted on fileconnect.

    Thanks and best regards,

    Mick


  • 5.  RE: DWH files

    Posted Jul 06, 2010 09:40 AM
    Thanks for the professional response. I look forward to hearing from you. I am sure there are plenty of others too!


  • 6.  RE: DWH files

    Posted Aug 23, 2010 10:14 AM
    "but I expect it will be available within a month."

    Please blow some more smoke. Where is the resolve to this issue? 6 weeks 6 days and no one has modified code to make a frustrated customer community happy?

    Symantec - Your own product is detecting itself as a threat when it updates itself. You've had several complaints about it and you're still sitting on the fence blowing smoke. What are you going to do about it that you haven't done in 6 weeks 6 days + all the other threads from previous years mentioning the same exact issue?


  • 7.  RE: DWH files

    Posted Aug 23, 2010 10:31 AM
    Hi Puzzled,

    Please install this most recent version and take advantage of the latest improvements.

    Thanks and best regards,

    Mick


  • 8.  RE: DWH files

    Posted Aug 23, 2010 10:38 AM
    Thanks for updating this thread.

    Is there a list of changes to go along with MP1? I'm going to try googling for it, but if you already have a link, excellent.


  • 9.  RE: DWH files

    Posted Aug 23, 2010 11:28 AM
    Hi Puzzled,

    There are about 80 important changes in RU6 MP1.  Details can be found in:

    Release Notes for SEP RU6 MP1:
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216360648

    Here are a couple of forum threads about the new release:

    https://www-secure.symantec.com/connect/forums/sep-ru6-mp1-release
    https://www-secure.symantec.com/connect/forums/sep-ru6-mp1-released

    Please let the forum know how you get on!

    Thanks and best regards,

    Mick


  • 10.  RE: DWH files

    Posted Nov 03, 2010 03:41 PM

    Hi, did MP1 fix the issue for you?

    It hasn't for me; we still get complaints from end users on this and I see no fix in sight.

    Thanks



  • 11.  RE: DWH files

    Posted Feb 26, 2011 01:10 PM

    Can I erase the files in savsubeng file? There are 500,000 files in there.



  • 12.  RE: DWH files

    Posted May 13, 2011 10:54 AM

    We're running SEP 11.0.6200 and we see dozens of instances a day where Symantec reports it can't clean or quarantine a DWH file. This costs us a huge amount of time, because every file that Symantec can't address requires a manual effort. Typically, the response is to confirm the file no longer exists (which may require someone from a separate team due to access permissions), and kick off a scan - which may result in a new DWH false positive.

    Symantec - PLEASE FIX THIS BUG!

     

    Paul