That's what I thought and I have those excluded, but it is not-it is one folder below. So, it probably is a Trojan in someone's files that tried to load on the server during the copy process?
From: Michael B. Smith [mailto:[email protected]] Sent: Wednesday, June 29, 2011 9:06 AM To: NT System Admin Issues Subject: RE: Is this a valid file? It should be in this folder: C:\Windows\security\database And if so, it's a completely valid file. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Miller Bonnie L. [mailto:[email protected]] Sent: Wednesday, June 29, 2011 11:58 AM To: NT System Admin Issues Subject: Is this a valid file? Trying to find out if c:\windows\security\tmp.edb is a valid Windows file on a Windows Server 2003 R2 x64 Standard SP2 installed system. Forefront Endpoint Security caught a "trojan" in this file on a server and removed it. I think it may have happened while an admin was copying user files at the server from one drive to another, but I'm not certain of that. If I read http://support.microsoft.com/kb/822158 I do not see this file explicitly listed. I also do not see this file on other, similar servers. I'm inclined to think it doesn't belong, but the fact that it's a "tmp.edb" file makes me unsure. Our FEP deployment is very new (about a month old), so I'm trying to make sure I didn't miss an exclusion we should be using. Thanks for any advice or thoughts. Working on a SQL server rebuild right now, so I'll check back in a while... -Bonnie ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
