This is a known issue which is going to be fixed probably in SEP 11 RU6 MP1.
Meanwhile, please follow the KB below to resolve this issue:
http://service1.symantec.com/SUPPORT/ent-security....
Reason behind it:
- By default, when there is anything in quarantine folder and there is new definitions downloaded in SEP client, then a scan is initiated after download to check if any definitions are available which can resolve the quarantined files.
- Unfortunately, in some cases, during this process, scan detects the tmp files which are created in Xfer or Xfer_tmp folder during above process.
This issue was initially fixed in MR4 MP2, however, I have seen this issue in some cases of RU5 and RU6 as well.
As mentioned above, hopefully, it will resolve in RU6 MP1.
Check the Knowledgebase.
DWH***.tmp files are detected in the user profile temp directory.
http://www.symantec.com/business/support/index?page=content&id=TECH92399&locale=en_US
Release Notes for Symantec Endpoint Protection 11.0.x and Symantec Network Access Control 11.0.x
http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US