Symantec detected “io.sys and msdos.sys” as WS.Reputation.1

I need a solution

Hi Team,

We have SEPM version 14. We have found that Symantec is detecting the files “io.sys and msdos.sys” as WS.Reputation.1, and they have been quarantined and deleted by SEPM. But we still see those files on the system, with a size of 0 KB.

Also, we have observed that those files (io.sys and msdos.sys) are created by the process “ntvdm.exe”, and this file belongs to Microsoft and is a genuine process.

| Date | Size | File |
|---|---|---|
| 03/14/2018 07:34 AM GMT | 0 | IO.SYS |
| 03/14/2018 07:34 AM GMT | 0 | MSDOS.SYS |

Symantec Logs:

| Filename | Risk | Original Location | Computer | Current Location | Primary Action | Secondary Action | Action Description | Date and Time |
|---|---|---|---|---|---|---|---|---|
| msdos.sys | WS.Reputation.1 | c: | D00070-0061 | Quarantine | Restart Required – Quarantine | Restart Required – Delete | Restart Required – The file was quarantined successfully. | 12/4/2018 10:19 |
| io.sys | WS.Reputation.1 | c: | D00070-0061 | Quarantine | Restart Required – Quarantine | Restart Required – Delete | Restart Required – The file was quarantined successfully. | 12/4/2018 10:18 |
| msdos.sys | WS.Reputation.1 | c: | D00070-0061 | Quarantine | Quarantine | Delete | Performed Post-Reboot Risk Processing. | 12/4/2018 9:54 |
| msdos.sys | WS.Reputation.1 | c: | D00070-0061 | Quarantine | Quarantine | Delete | Performed Post-Reboot Risk Processing. | 12/4/2018 9:54 |

Hash value of files io.sys and msdos.sys : E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 

Files path: C:/ io.sys and C:/ msdos.sys

Please confirm on what basis Symantec is detecting those files, io.sys and msdos.sys, as WS.Reputation.1, and let us know the reason.
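The SHA-256 value quoted in the post is the digest of zero bytes of input, which agrees with the 0 KB size reported for both files, so it identifies every empty file rather than these two in particular. The PowerShell below is an added example, not part of the original post; `Get-EmptyInputSha256` and `Test-FileHashTriage` are hypothetical helper names, and the files it checks are constructed empty stand-ins in a temporary directory.

```powershell
# SHA-256 value quoted in the post above.
$ReportedHash = 'E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855'

function Get-EmptyInputSha256 {
    # Digest of a zero-length byte array, computed locally instead of hard-coded.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash([byte[]]::new(0))
        return ([System.BitConverter]::ToString($digest) -replace '-', '')
    } finally {
        $sha.Dispose()
    }
}

function Test-FileHashTriage {
    param([Parameter(Mandatory)][string[]]$Path)
    $emptyHash = Get-EmptyInputSha256
    foreach ($p in $Path) {
        # -Force so that hidden or system files are returned as well.
        $item = Get-Item -LiteralPath $p -Force
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        [pscustomobject]@{
            Name             = $item.Name
            Length           = $item.Length
            MatchesReported  = ($hash -eq $ReportedHash)
            # True means the hash says nothing about content: the file has none.
            IsEmptyInputHash = ($hash -eq $emptyHash)
            SHA256           = $hash
        }
    }
}

# Constructed sample: two empty files named like the ones in the post,
# plus one non-empty control file.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ("empty-hash-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$samples = 'IO.SYS', 'MSDOS.SYS' | ForEach-Object {
    (New-Item -ItemType File -Path (Join-Path $dir $_)).FullName
}
$control = Join-Path $dir 'control.txt'
Set-Content -LiteralPath $control -Value 'not empty'

Test-FileHashTriage -Path ($samples + $control) | Format-List
Remove-Item -LiteralPath $dir -Recurse -Force
```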


Error: The Citrix Desktop Service was refused a connection to the delivery controller ” (IP Address ‘xxx.xxx.xxx.xxx’)

Try to determine which files are taking up disk space on the Identity disk.

To access the junction linked to the Identity Disk volume at C:\Program Files\Citrix\PvsVm\Service\PersistedData, you need to run the command prompt under the context of the Local System account using the PsExec tool.

The PsExec tool is available for download at this location:

http://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Follow these steps to access the Identity disk volume on the VDA:

1. Open an elevated command prompt (Run as administrator).

2. Run the command prompt under the context of the Local System account via PsExec:

PSEXEC -i -s cmd.exe

This gives access to the junction linked to the Identity Disk volume.

3. Navigate to the root of the junction “PersistedData” and execute the following command:

DIR /O:S /S > C:\{location}\Out.txt

4. Open Out.txt using Notepad or another text editor.

5. Check which files are taking up the disk space.

6. Move the unwanted files to an alternate location or delete them.

Note: You may see .gpf files, which shouldn’t be deleted. BrokerAgent.exe writes changed farm policies to %ProgramData%\Citrix\PvsAgent\LocallyPersistedData\BrokerAgentInfo\<GUID>.gpf. BrokerAgent.exe then triggers a policy evaluation via CitrixCseClient.dll.
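`DIR /O:S /S` sorts by size within each directory, so Out.txt has to be read one directory at a time. The PowerShell below is an added example, not Citrix's own tooling: it ranks files across the whole tree and marks the .gpf files that the note above says to keep. `Get-LargestFile` is a hypothetical helper name, and the directory tree it runs against is a constructed stand-in for PersistedData.

```powershell
function Get-LargestFile {
    param(
        [Parameter(Mandatory)][string]$Root,
        [int]$Top = 10
    )
    # -File skips directories; -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Sort-Object -Property Length -Descending |
        Select-Object -First $Top |
        ForEach-Object {
            [pscustomobject]@{
                SizeKB   = [math]::Round($_.Length / 1KB, 1)
                # Per the note above, .gpf policy files must not be deleted.
                Keep     = ($_.Extension -eq '.gpf')
                FullName = $_.FullName
            }
        }
}

# Constructed sample tree standing in for PersistedData (file names are made up).
$root = Join-Path ([System.IO.Path]::GetTempPath()) ("persisted-" + [guid]::NewGuid())
$layout = @{
    'BrokerAgentInfo\sample.gpf' = 4KB
    'logs\old-trace.log'         = 900KB
    'logs\archive\dump.bin'      = 3MB
    'small.txt'                  = 1KB
}
foreach ($entry in $layout.GetEnumerator()) {
    $file = Join-Path $root $entry.Key
    New-Item -ItemType Directory -Path (Split-Path $file) -Force | Out-Null
    [System.IO.File]::WriteAllBytes($file, [byte[]]::new($entry.Value))
}

Get-LargestFile -Root $root | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

On a VDA, the function would be called with the PersistedData path from a PowerShell session started inside the Local System prompt opened in step 2.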


Event ID 1023 Error: The Citrix Desktop Service was refused a connection to the delivery controller ” (IP Address ‘xxx.xxx.xxx.xxx’). VDAs in Delivery Group losing registration with the Delivery Controllers

Try to determine which files are taking up disk space on the Identity disk.

To access the junction linked to the Identity Disk volume at C:\Program Files\Citrix\PvsVm\Service\PersistedData, you need to run the command prompt under the context of the Local System account using the PsExec tool.

The PsExec tool is available for download at this location:

http://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Follow these steps to access the Identity disk volume on the VDA:

1. Open an elevated command prompt (Run as administrator).

2. Run the command prompt under the context of the Local System account via PsExec:

PSEXEC -i -s cmd.exe

This gives access to the junction linked to the Identity Disk volume.

3. Navigate to the root of the junction “PersistedData” and execute the following command:

DIR /O:S /S > C:\{location}\Out.txt

4. Open Out.txt using Notepad or another text editor.

5. Check which files are taking up the disk space.

6. Move the unwanted files to an alternate location or delete them.

Note: You may see .gpf files, which shouldn’t be deleted. BrokerAgent.exe writes changed farm policies to %ProgramData%\Citrix\PvsAgent\LocallyPersistedData\BrokerAgentInfo\<GUID>.gpf. BrokerAgent.exe then triggers a policy evaluation via CitrixCseClient.dll.


@sys-date and @sys-time issues

I have found several issues related to @sys-date and @sys-time. Here are some examples.

“afternoon” is being resolved to @sys-time=18:00. Shouldn’t it be resolved to an interval, 12:00 to 18:00, much like what happens with “December”, which is resolved to @sys-date=1 December and @sys-date=31 December?

The same happens with “morning” and “evening”, which also represent time ranges.

Furthermore, Watson sees no difference between “early morning” and “late morning”. In this case I can define a new entity for late and early to react accordingly, but it would work only if “morning”, “afternoon” and “evening” were recognized as time ranges.


Setting context for slot prompt

I am not that familiar with the slot functionality in Conversation, so while I tried to implement it in our conversation I got stuck, because I could not find some possibilities that were previously there. Below are my requirements:
1. To pass a context variable to my application if a prompt question is asked in the slot.
In my slot I have added a prompt for @sys-date; if @sys-date is not there we will ask for a date, and at this time I have to set a context and return to my application. Can I do this?
2. Only after getting the response for all the checks do I need to jump to the next node. How can I handle this?


Why does my MQ FixPack install on AIX complain about bos.rte and bos.rte.install?

While trying to install an MQ FixPack on AIX, messages similar to the following are displayed.

Requisites
----------
(being committed automatically as requisites of selected filesets)
bos.rte 7.1.3.45 # Base Operating System Runtime
bos.rte 7.1.4.30 # Base Operating System Runtime
bos.rte.install 7.1.3.46 # LPP Install Commands
bos.rte.install 7.1.4.30 # LPP Install Commands

Why, and what can I do to resolve this problem?
