Symantec AV corporate edition

Carneyride · Jul 14, 2008

idk why i have "corperate" on my pc, but anyways... my tamper history on symantec says that C:\Program Files\UPHClean\uphclean.exe tried to suspend rtvscan..

i am aware symantec is a great load of ****, but is it possible uphclean is infected? how can i find out?

Defcon · Jul 14, 2008

Re: Symantec AV corperate edition

Symantec is very far from a 'load of ****', they have really good detection.

Carneyride · Jul 14, 2008

Re: Symantec AV corperate edition

every tech-guy i have talked to says symantec is a huge waste of disk space, just repeating what i have heard

KookyMan · Jul 14, 2008

Re: Symantec AV corperate edition

Symantec Home is a resource hog. I don't think that the corporate edition has the same failings, but I could be wrong. I think it doesn't though because its "just" an anti-virus as opposed to the "all in one" graphical suite that the consumer level is.

Carneyride · Jul 14, 2008

Re: Symantec AV corperate edition

the only reason i still have it, is for the realtime protection..

SaS free doesnt provide that, im saving money for the pro edition ^_^

also, i had spybot s&d on a flash drive.. i use that when i get suspicious

HAN · Jul 14, 2008

Re: Symantec AV corperate edition

is it possible uphclean is infected? how can i find out?
Click to expand...

I highly doubt it. Here is what UPHClean is doing (per MS):

The User Profile Hive Cleanup service helps to ensure user sessions are completely terminated when a user logs off. System processes and applications occasionally maintain connections to registry keys in the user profile after a user logs off. In those cases the user session is prevented from completely ending. This can result in problems when using Roaming User Profiles in a server environment or when using locked profiles as implemented through the Shared Computer Toolkit for Windows XP.

On Windows 2000 you can benefit from this service if the application event log shows event id 1000 where the message text indicates that the profile is not unloading and that the error is "Access is denied". On Windows XP and Windows Server 2003 either event ids 1517 and 1524 indicate the same profile unload problem.

To accomplish this the service monitors for logged off users that still have registry hives loaded. When that happens the service determines which application have handles opened to the hives and releases them. It logs the application name and what registry keys were left open. After this the system finishes unloading the profile.
Click to expand...

So it looks like Symantec is interpreting this releasing of handles as an attempt to suspend the real-time scanner. Which I guess, in a way, it is. But that's what it's supposed to do.

For some extra piece of mind, you could submit your uphclean.exe file to Virus Total for several second opinions. http://www.virustotal.com/

Log in or Sign up

Symantec AV corporate edition

Carneyride Registered Member

Defcon Registered Member

Carneyride Registered Member

KookyMan Registered Member

Carneyride Registered Member

HAN Registered Member

Log in or Sign up

Symantec AV corporate edition

Carneyride Registered Member

Defcon Registered Member

Carneyride Registered Member

KookyMan Registered Member

Carneyride Registered Member

HAN Registered Member

Useful Searches