
Endpoint - 11.4000.2295 - XFER Tmp File Issue

Updated: 22 May 2010 | 12 comments
Hutch | 0 votes

We just completed a 500 PC upgrade from Endpoint MR2 to MR4 to correct some server issues.  The server is now running properly (had a database problem).

We are now seeing a new problem on some of our PCs.  Basically, they start generating Quarantine messages RE: a file with a .TMP extension.  It seems that these .TMP files then multiply... i.e. on a PC that I fixed this morning, it started with 9 items in Quarantine...after 2 hours, it had over 800.

From looking at older versions of Symantec, these .TMP files seem to be generated by the Symantec program itself, and are therefore false positives.

I have had 3 PCs in the past week start to do this.  The only fix I have found is to uninstall the program, delete the client from SEPM, and then re-install.

I would really like to know:

  • Why this is happening??
  • Is Symantec aware of the issue??
  • More importantly, what is the fix (other than reinstalling)??

We had been advised to go from MR2 to MR4 to improve the stability of the server...which it has....but now I seem to have unstable clients.


All client machines are Windows XP with SP2.  They are fully patched (Windows Update). 

Comments

Weisman | 01 Apr 2009 | 0 votes

Same Issue

I have also noticed one MR4 client exhibit the .tmp file detection in the /xfer directory. It occurred after a detection of Trojan.Adclicker. It appears the files were generated during a Full Scan.

Hutch | 02 Apr 2009 | 0 votes

Continuing to occur

I have also noticed one MR4 client exhibit the .tmp file detection in the /xfer directory. It occurred after a detection of Trojan.Adclicker. It appears the files were generated during a Full Scan.

Ok...I am seeing another PC doing this (this is the 5th one).  I may need to open a call with Symantec Support. 

I am seeing the same Trojan you mentioned, which seems to appear when the Weekly Scan is run.  It then generates the same file over and over again, alternating between a "Downloader" risk, and a "Trojan" risk. 

Anyone from Symantec seen this issue??

Weisman | 13 Apr 2009 | 0 votes

Another issue

I have another client with the same problem now. Both were detections of the Trojan.Adclicker (the only two). I have them both at MR4 SP1. I'd hate to have to call in on this one. I'm going to try and reinstall to see what happens.

-Wayne

rrittenhouse | 14 Apr 2009 | 1 vote (+1)

Same here

I'm having the same issues in the same exact way as everyone else. I am running MR4 and the affected clients are running Windows XP Pro.

Please Symantec, shine some light on this or I'm just going to call support to get the answer.

Jeff K. | 20 Apr 2009 | 0 votes

Hello

Symantec?  Any information on this?  I have an XP computer (SEP 11 MR4) that has had SEP delete over 5000 .tmp files from the xfer folder in the last few days.

Weisman | 20 Apr 2009 | 0 votes

Still having the issue, it seems to be only affecting clients that were infected previously.

Rick Bywalski | 20 Apr 2009 | 0 votes

Seeing this issue too

I have seen this issue too.  One thought I just had was adding an exclusion for the xfer folder.   My understanding is that Symantec is mistaking the def updates for a virus, and excluding the folder might work around the issue.

anjansarkar83 | 21 Apr 2009 | 0 votes

I am also facing the issue, please help somebody...

Ajit Jha | 21 Apr 2009 | 0 votes

As per my analysis, it is the activity of Trojan.Adclicker. You can configure the quarantine files to be deleted after 57 days or simply delete those files.

Not much idea apart from it. Please share if someone has a centralised solution for it.

Regards,

Ajit Jha

Technical Consultant

STS

Hutch | 22 Apr 2009 | 0 votes

Solution

The only option I found that worked was removing Symantec Endpoint from the client PC.  Upon reboot, navigate to Documents & Settings, All Users, Application Data, Symantec, and delete the Symantec Endpoint Folder.

Restart the PC, and then re-install Endpoint.

It is the Trojan.Adclick that causes the issues.  It also appears to be a problem if the client PC was upgraded from an older version, which was the case for all the machines that have the issue at my location.

I had 6 PCs in total that I had to do this on, but since it occurred, have not had one since.  I am guessing that Symantec did something with a later Virus Def file, to correct the problem??

Other than that, no idea on why it happened, or why it suddenly stopped...just that it did.  However, for PCs that were already generating these false positives, the only solution was as mentioned above.

binayak | 22 Apr 2009 | 0 votes

Hi Ajitjha, I agree with your opinion. It is the Adclick trojan that is causing the problem. However, thanks Hutch for the solution. It would help a lot.

Katyan1 | 29 Sep 2009 | 1 vote (-1)