If it is suspicious, you could try submitting the file here: http://www.virustotal.com/
It will scan with several different AV engines and give the results. Jeff On Wed, Jun 29, 2011 at 12:17 PM, Miller Bonnie L. < [email protected]> wrote: > That’s what I thought and I have those excluded, but it is not—it is one > folder below. So, it probably is a Trojan in someone’s files that tried to > load on the server during the copy process?**** > > ** ** > > *From:* Michael B. Smith [mailto:[email protected]] > *Sent:* Wednesday, June 29, 2011 9:06 AM > > *To:* NT System Admin Issues > *Subject:* RE: Is this a valid file?**** > > ** ** > > It should be in this folder: C:\Windows\security\database**** > > ** ** > > And if so, it’s a completely valid file.**** > > ** ** > > Regards,**** > > ** ** > > Michael B. Smith**** > > Consultant and Exchange MVP**** > > http://TheEssentialExchange.com**** > > ** ** > > *From:* Miller Bonnie L. [mailto:[email protected]] > *Sent:* Wednesday, June 29, 2011 11:58 AM > *To:* NT System Admin Issues > *Subject:* Is this a valid file?**** > > ** ** > > Trying to find out if c:\windows\security\tmp.edb**** > > ** ** > > is a valid Windows file on a Windows Server 2003 R2 x64 Standard SP2 > installed system.**** > > ** ** > > Forefront Endpoint Security caught a “trojan” in this file on a server and > removed it. I think it may have happened while an admin was copying user > files at the server from one drive to another, but I’m not certain of that. > **** > > ** ** > > If I read http://support.microsoft.com/kb/822158**** > > ** ** > > I do not see this file explicitly listed. I also do not see this file on > other, similar servers. I’m inclined to think it doesn’t belong, but the > fact that it’s a “tmp.edb” file makes me unsure.**** > > ** ** > > Our FEP deployment is very new (about a month old), so I’m trying to make > sure I didn’t miss an exclusion we should be using.**** > > ** ** > > Thanks for any advice or thoughts. Working on a SQL server rebuild right > now, so I’ll check back in a while…**** > > ** ** > > -Bonnie**** > > ** ** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin**** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
