Error Message

There is no specific error message, and backup jobs with GRT enabled complete successfully. However, many folders with IMGXXX, where XXX is a number sequence, are left on any numbers of disk drives on the system.  In many cases, these files cannot be deleted without a server restart.

As part of the GRT process, Backup Exec creates a directory by the name of IMGXXX (where XXX is a unique number, incremented every time a particular function is called) in the first volume that is online, NTFS and local to the server.  In this folder, Backup Exec GRT creates two temporary files, c:\IMG677\file001.tmp and c:\IMG677\vdb\file001.tmp. 512 bytes of data is written randomly to the c:\IMG677\file001.tmp.  The process then reads the 512 bytes of random data, then writes to c:\IMG677\vdb\file001.tmp.  If this copy process is successful, the thread to perform GRT is initialized.

Once finished, Backup Exec sends the following Windows API command to close the file once all attached processes end: SetDispositionInformation = ZwClose.

Per Process Monitor logs, it appears that the ESET File Security process "ekrn.exe" is still attached to the file001.tmp after the command is sent from the Backup Exec Agent for Windows (beremote.exe) to close the file

The following paths are recommended for exclusion. In some cases, the issue has been reported to continue following exclusions of Backup Exec processes and file paths. Please contact the ESET Security Support Team for further assistance troubleshooting this issue if the below exclusions fail to resolve the issue.

\\.pdvfs
f:\ (dedup volume root)
BE Program files path
BE catalogs path (if customized)
\Device\Pdvfs\*.*
\Device\Pdvfs\PdvfsRedirector\*.*

and the exes/processes:
bengine.exe
beremote.exe
beserver.exe
pvlsvr.exe
PDVFSService.exe
spad.exe
spoold.exe

Files/Folders:
x:\IMG* - where X is a local disk on the system
file001.tmp

Applies To

All reported cases of this issue are within environments that are utilizing "ESET File Security" Anti-Virus software.