Unable to delete previously used eraser64.sys file after definition update

Article ID: 171063

Products

Endpoint Protection

Issue/Introduction

After the Symantec Endpoint Protection client's SDSDefs are updated, the client is not able to fully delete all files and folders of the previous definition set. The previous definition number folder remains on the file system with a single file (eraser64.sys) in it. There is no open file handle to the file and no sign of a permission problem that would prevent the deletion; however, the file appears to be locked in some manner.

There is no obvious error in the SEP client. The security posture of the client is not impacted. The directory does not grow beyond the extra folder and file.

 

Environment

  • Windows 10
  • Windows Server 2016
  • SEP 14 RU1 MP1

Resolution

On April 18th, Symantec released a new version of the Eraser engine that addresses this issue. It is included with the virus definitions, so no additional steps are required. The new version is 117.3.1.