cancel
Showing results for 
Search instead for 
Did you mean: 

Deleting files

jjdefan
Level 2

I receive the following warning a couple of times a week. I have two media servers both running the same OS and BE versions. BE is updated with the current patches on both media servers, but this warning only shows up on one.

An unknown application is deleting files from the following folder:

 C:\ProgramData\Symantec\CRF 

Files contained in this folder are used by Backup Exec, and deleting them may cause Backup Exec processes to crash. Determine which application is accessing the folder and add the folder to the application's exclusion list.

 

I have followed the recommendations as per this post and still received the warning: http://www.symantec.com/connect/forums/backup-exec-alert-job-warning-server-dc-xxxxxxxx-unknown-appl... . Opened a case with Symantec. Technician had me exclude C:\ProgramData\Symantec\ and C:\Program Files\Symantec\ from the anti-virus. These exclusions were up one directory level from the recommendations from the previosly mentioned post and also included all sub-directories. I am still receiving the warning. I got one yesterday at 4:18 PM and one this morning at 8:41 AM.

1 ACCEPTED SOLUTION

Accepted Solutions

CraigV
Moderator
Moderator
Partner    VIP    Accredited

Did you follow this TN below when putting in AV exclusions?

https://www.veritas.com/support/en_US/article.TECH223209

THanks!

View solution in original post

7 REPLIES 7

CraigV
Moderator
Moderator
Partner    VIP    Accredited

Did you follow this TN below when putting in AV exclusions?

https://www.veritas.com/support/en_US/article.TECH223209

THanks!

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

You can use procmon.exe (downloadable from Microsoft) to monitor for processes accessing files in that location and see if you can identify any strange activity

 

Tip for procmon use - set the backing file location so that it logs properly to a file (and a voluem with enough disk space) and make sure you restart procmon.exe after setting up teh backing file so that activity can be monitored (and logged)

 

 

jjdefan
Level 2

Thanks CraigV. That TN did not come up in my original searches. I pulled it up and followed it. Strange thing is, once I add the folders to the exclusion list, close the McAfee console and then go back into the console, those exclusions are no longer listed. Also, shortly after following the TN you provided, I got the warning again.

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

Not that I would know much about McAfee but is it being mangaed by some kind of centralised process or policy control as changing it locally might get overwritten if it is.

CraigV
Moderator
Moderator
Partner    VIP    Accredited

Yeah McAfee's ePO server can overwrite any policies from a central location. Had this happen to me plenty of times. Check that as Colin said and try the exclusion from there.

Thanks!

jjdefan
Level 2

Thanks Colin. McAfee wasn't supposed to be managed and I didn't think it was, but at your suggestion I decided to look at it anyway. Don't you know it's the smallest things that trip us up at times. It was being managed by the ePo. It has been removed from a managed state, exclusions have been added and retained. Will monitor for the deletion activity for a couple of days and update the thread.

jjdefan
Level 2

The issue does appear to be resolved. Admins may close this thread.