References to CSIDL_DRIVES or CSIDL_PROFILE in file paths where executables are being detected by ATP

Article ID: 163462

Products

Symantec Products

Issue/Introduction

You want to understand the CSIDL values that appear in ATP reports correlated from SEP detections on local clients.

Environment

Windows Vista or Windows 7

Cause

This is a known issue that affects SEP clients. It is resolved in SEP 12.1.6 MP5.

Resolution

In SEP versions prior to 12.1.6 MP5, system variables that Microsoft uses are exposed in the event sent to ATP. Please update your SEP clients and SEPM servers to 12.1.6 MP5 or later to resolve this error.

These variables are similar to more common variables such as %temp% and %windir%. Microsoft's reference page for these values:

https://msdn.microsoft.com/en-us/library/windows/desktop/bb762494(v=vs.85).aspx