Deleting files

Question

I receive the following warning a couple of times a week. I have two media servers both running the same OS and BE versions. BE is updated with the current patches on both media servers, but this warning only shows up on one.

An unknown application is deleting files from the following folder:

&nbsp;C:\ProgramData\Symantec\CRF&nbsp;

Files contained in this folder are used by Backup Exec, and deleting them may cause Backup Exec processes to crash. Determine which application is accessing the folder and add the folder to the application's exclusion list.

&nbsp;

I have followed the recommendations as per this post and still received the warning: http://www.symantec.com/connect/forums/backup-exec-alert-job-warning-server-dc-xxxxxxxx-unknown-application-deleting-files-following . Opened a case with Symantec. Technician had me exclude C:\ProgramData\Symantec\ and C:\Program Files\Symantec\ from the anti-virus. These exclusions were up one directory level from the recommendations from the previosly mentioned post and also included all sub-directories. I am still receiving the warning. I got one yesterday at 4:18 PM and one this morning at 8:41 AM.

craigv · Accepted Answer

Did you follow this TN below when putting in AV exclusions?

https://www.veritas.com/support/en_US/article.TECH223209

THanks!

colin_weaver · Answer

You can use procmon.exe (downloadable from Microsoft) to monitor&nbsp;for processes accessing files in that location and see if you can identify any strange activity

&nbsp;

Tip&nbsp;for procmon use - set the backing file location so that it logs properly to a file (and a voluem with enough disk space) and make sure you restart procmon.exe&nbsp;after setting up teh backing file&nbsp;so that activity can be monitored (and logged)

&nbsp;

jjdefan · Answer

Thanks CraigV. That TN did not come up in my original searches. I pulled it up and followed it. Strange thing is, once I add the folders to the exclusion list, close the McAfee console and then go back into the console, those exclusions are no longer listed. Also, shortly after following the TN you provided, I got the warning again.

colin_weaver · Answer

Not that I would&nbsp;know much about McAfee but is it being mangaed by some kind of centralised process or policy control as changing it locally might get overwritten if it is.

craigv · Answer

Yeah McAfee's ePO server can overwrite any policies from a central location. Had this happen to me plenty of times. Check that as Colin said and try the exclusion from there.

Thanks!

jjdefan · Answer

Thanks Colin. McAfee wasn't supposed to be managed and I didn't think it was, but at your suggestion&nbsp;I decided to look at it anyway. Don't you know it's the smallest things that trip us up at times. It was being managed by the ePo. It has been removed from a managed state, exclusions have been added and retained. Will monitor for the deletion activity for a couple of days and update the thread.

Forum Discussion

Deleting files

7 Replies

Related Content

Unable to delete VRTSpbx log files

Deleting .bkf Files

S3 bucket deleting Access 3350

Accedently deleted main.cf file

Deleting Log files

Recent Discussions

Backup Exec Job got canceled

BackupExec for Oracle 23ai?

Add Oracle DB in Backup Exec

Veritas Backup Exec version upgrade & migrate to another new Server

Veritas Backup Exec 23 - Slow Backup after Windows server 2019 upgrade