Endpoint Protection

I have a user who's computer is generating

Message from:
         Server name: srvasymantec
         Server IP: 10.x.x.x

At least one security risk found:

Risk name: Packed.Mystic!gen4
File path: c:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\4d2220ae.tmp
Event time: 2011-06-16 16:39:26 GMT
Database insert time: 2011-06-17 14:39:59 GMT
User: SYSTEM
Computer: sales-1agnt
IP Address: 10.x.x.x
Domain: Default
Server: srvasymantec
Client Group: My Company\Sales
Action taken on risk: Quarantined

I've run multiple scans on his machine, deleted the files in the xfer directory and these still keep getting generated. Is his machine infected and how should I remediate this issue?

-J

What version are you running? An issue like this was addressed in RU6 MP1.

Large numbers of .tmp files are being created in the xfer_tmp or 7.5/xfer folder and are being detected as threats.

http://www.symantec.com/business/support/index?page=content&id=TECH93590&actp=search&viewlocale=en_US&searchid=1308325856607

The client is running 11.0.6200.754

The manager is running 11.0.5002.333

-J

Have you tried running the Power Eraser or SERT utility to scan this system?

Also run the Load Point Analysis tool found in the SEP Support tool and see if anything comes up.

Power Eraser -http://www.symantec.com/business/support/index?page=content&id=TECH134803&locale=en_US

SERT - http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Load Point feature - http://www.symantec.com/business/support/index?page=content&id=TECH96291&locale=en_US