cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Question about attachments

Go to solution
Contonso
Level 4

‎05-13-2013 02:45 AM

Hi there,

our virus scanner detected an infected file in one of the EV_CVT_Temp_ folders. This file was moved immidiately to the quarantine by the scanner software. If I am correct these CVT_Temp folders are used for archiving as well for manual archiving.

My question is if I have any chance to find out who of our users has archived this infected file? I checked all available EV logs but could not find any username or file.

Is there propably a chance to find out something in the EV DBs? Unfortunately we are not using Journaling.

EV version is 10.01 and we are running Exchange 2010.

Regards

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Rob_Wilcox1
Level 6
Partner

‎05-13-2013 04:40 AM

Okay that's a super-generic detection, as I said, it's not a virus.  I'd bet good money on it.

Where is that folder located? The full path I mean.

Working for cloudficient.com

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Rob_Wilcox1
Level 6
Partner

‎05-13-2013 04:03 AM

First of all, which folder *exactly* is it you are referring to?

Secondly, chances are it's NOT an infected file, but shows 'signatures' that are similar to a virus, but really, they're not..  antivirus gets confused. This technote might help:

 

http://www.symantec.com/business/support/index?page=content&id=TECH48856

Working for cloudficient.com
0 Kudos

Go to solution
Contonso
Level 4

‎05-13-2013 04:19 AM

Hi,

thanks for reply. We are using Symantec Endpoint Protection and it detected the file as a Trojan.Gen

It is folder EV_CVT_Temp_2.

Regards

0 Kudos

Go to solution
Rob_Wilcox1
Level 6
Partner

‎05-13-2013 04:40 AM

Okay that's a super-generic detection, as I said, it's not a virus.  I'd bet good money on it.

Where is that folder located? The full path I mean.

Working for cloudficient.com
0 Kudos

Go to solution
Contonso
Level 4

‎05-13-2013 04:56 AM

The Full path is: C:\Users\evltadmin\AppData\Local\Temp\EV_CVT_Temp_2

 

 

0 Kudos

Go to solution
Rob_Wilcox1
Level 6
Partner

‎05-13-2013 05:11 AM

Okay, well %temp% for the Vault Service Account should be excluded from AV scanning.

Working for cloudficient.com
0 Kudos

Go to solution
Contonso
Level 4

‎05-13-2013 05:27 AM

I just done this already.

Many Thanks

Regards,

Contonso

0 Kudos

Go to solution
Rob_Wilcox1
Level 6
Partner

‎05-13-2013 05:35 AM

Glad to help.

Working for cloudficient.com
0 Kudos