Symantec.com
VERITAS.com
Partners
About Symantec
cartCart
WelcomeProducts & ServicesSecurity ResponseSupportSolutions & IndustriesLicensingTrainingStore
Enterprise
Symantec.com > Enterprise > Support > Knowledge Base


PRINT THIS PAGE PRINT THIS PAGE

Large amounts of temp files are being created in the xfer_tmp or 7.5/xfer folder and are being detected as threats.

Question/Issue:
After Symantec Endpoint Protection detects an infection the xfer_tmp folder starts to generate a large amount of temp files. How can I get this to stop?

After Symantec AntiVirus detects an infection the 7.5\xfer and/or 7.5\xfer_temp folders starts to generate a large amount of temp files. How can I get this to stop?

After a migration from Symantec AntiVirus to Symantec Endpoint Protection the xfer_tmp folder starts to generate a large amount of temp files. How can I get this to stop?

Symptoms:
Large amounts of temp files are generated in the following locations:

Symantec Endpoint Protection



Symantec AntiVirus

NOTE: The following file locations may still be relevant in a migration scenario from Symantec AntiVirus to Symantec Endpoint Protection


Solution:
Please ensure that the latest release of SEP 11 or SAV is installed on the client to take advantage of code improvements which make such detections much less likely. Should detections continue after deleting old .tmp files and updating to SAV 10.1 MR9 or SEP 11 RU5:
  1. Stop the Symantec service

    • Symantec Endpoint Protection
        1. Click Start, then Run
        2. Type smc -stop
        3. Click OK

    • Symantec AntiVirus
        1. Click Start, then Run
        2. Type services.msc
        3. Click OK
        4. Right-click and Stop the Symantec AntiVirus or Symantec Endpoint Protection service


  2. Deleting the files
    The following instructions are to be done from the command prompt as attempting to perform the deletions from the Windows user interface may result in delays and application hangs due to the large amount of files that can reside in these locations. Please note that these instructions will delete the files in the targeted directories, not the directories themselves. Do not remove the directories themselves, only the contents of those directories.

    1. Open the command prompt
        1. Click Start, then Run
        2. Type cmd
        3. Click OK

    2. Deleting files from User Temp folder
        • Type the following command in command prompt (The following string will vary depending on the user name):

          DEL /F /Q "C:\Documents and Settings\<NAMEOFUSER>\Local Settings\Temp"

          replace "<NAMEOFUSER>" with the username of the desired Windows user you wish to empty the temp folder for

    3. Deleting the temp folder at the root of C:\
        • Type the following command in command prompt:

          DEL /F /Q C:\temp

    4. Deleting the Windows Temp folder
        • Type the following command in command prompt:

          DEL /F /Q C:\WINDOWS\Temp

    5. Deleting the contents of the xfer and/or xfer_temp directories

        • Symantec Endpoint Protection

          • Type the following command in command prompt:

            DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp\"
          • DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\"

        • Symantec AntiVirus

          NOTE: For migrations from Symantec AntiVirus to Symantec Endpoint Protection, be sure that the below locations do not also exist

          • Type the following commands in command prompt:

            DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer"
            DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer_tmp"
            DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer_tmp            "
            DEL /F /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer"
  3. The Quarantine Folder
    The following instructions are to be done from the command prompt as attempting to open the Quarantine folder in the Windows user interface may result in delays and Windows Explorer application hangs due to the large amount of files that can reside there.

    1. Delete the Quarantine Folder

      • Symantec Endpoint Protection

        • Type the following commands in command prompt:

          DEL /F /S /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"

          RD /S /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"

      • Symantec AntiVirus

        NOTE: For migrations from Symantec AntiVirus to Symantec Endpoint Protection, be sure that the below location does not also exist

          • Type the following commands in command prompt:

            DEL /F /S /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"

            RD /S /Q "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"

    2. Recreate the Quarantine Folder

      • Symantec Endpoint Protection
        • Type the following command in command prompt:

          MD "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"

      • Symantec AntiVirus
        • Type the following command in command prompt:

          MD "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine"

  4. Start the Symantec service
    • Symantec Endpoint Protection
        1. Click Start, then Run
        2. Type smc -start
        3. Click OK

    • Symantec AntiVirus
        1. Click Start, then Run
        2. Type services.msc
        3. Click OK
        4. Right-click and Start the Symantec AntiVirus or Symantec Endpoint Protection service



Document ID: 2009042217073548
Last Modified: 03/16/2010
Date Created: 04/22/2009
Operating System(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Home Edition, Windows XP Professional Edition, Windows XP Tablet PC Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition, Windows Vista, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition, Windows Server 2008 DataCenter 64-bit, Windows Server 2008 DataCenter 32-bit, Windows Server 2008 Enterprise 64-bit, Windows Server 2008 Enterprise 32-bit, Windows Server 2008 Standard 64-bit, Windows Server 2008 Standard 32-bit, Windows Server 2008 Web Server 64-bit, Windows Server 2008 Web Server 32-bit, Windows XP Home, Windows XP Tablet PC, Windows XP 64-Bit Edition 2003, Windows Server 2003 32-bit Edition, Windows Server 2003 64-bit Edition, Windows XP Media Center Edition 2005, Windows Vista 32-bit Edition, Windows Vista 64-bit Edition, Windows Server 2008
Product(s): Endpoint Protection 11, Symantec AntiVirus 10.1, Symantec AntiVirus 10.2
Release(s): Endpoint Protection 11 [All Releases], Symantec AntiVirus 10.1 [All Releases], Symantec AntiVirus 10.2 [All releases]


Site Index · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements
©1995 - 2010 Symantec Corporation