After updating the Symantec Endpoint Protection client's SDSDefs, the client is not able to fully delete all files and folders of the previous definition set. The previous definiton number folder with a single file (eraser64.sys) remains on the file system. There is no open file handle to the file or any signs of permission problem that would prevent the file deletion, however the file appears to be locked in some manner.
Windows Server 2016
SEP 14 RU1 MP1
There is no obvious error in the SEP client. Security posture of the client is not impacted. The directory does not grow beyond the extra folder and file.
On April 18th Symantec released a new version of the Eraser engine that addresses this issue, it's included with the virus definitions so no additional steps are required. The new version is 117.3.1.
Subscribing will provide email updates when this Article is updated. Login is required.