Hello,
What version of SEP 11.x are you running?
Make sure you are running the Latest version of SEP 11.0.7101 and above.
Check this Thread: https://www-secure.symantec.com/connect/forums/sep-xferxxxxtmp-always-prompt-infection
That issue is largely resolved in the latest release of SEP 11 (RU6 MP3) and will be entirely resolved in the forthcoming SEP 12.1 I recommend upgrading as soon as is possible!
Stop the Symantec service
Deleting the files
NOTE: The following instructions are to be done from the Command Prompt as attempting to perform the deletions from the Windows user interface may result in delays and application hangs due to the large amount of files that can reside in these locations. Please note that these instructions will delete the files in the targeted directories, not the directories themselves. Do not remove the directories themselves, only the contents of those directories.
Open the Command Prompt
Deleting files from User Temp folder
- Click Start, then Run
- Type: cmd
- Click OK
1. Type the following command in Command Prompt. (The following string will vary depending on the user name.) Replace "<NAMEOFUSER>" with the username of the desired Windows user you wish to empty the temp folder for:
- For Windows 2000/XP/2003
DEL /F /Q "C:\Documents and Settings\<NAMEOFUSER>\Local Settings\Temp"
- For Windows Vista/7/2008
DEL /F /Q "C:\Users\<NAMEOFUSER>\AppData\Local\Temp"
2. Deleting the contents of the temp folder at the root of C:\
- Type the following command in Command Prompt:
DEL /F /Q C:\temp
3. Deleting the contents of the Windows Temp folder
4. Deleting the contents of the xfer and/or xfer_temp directories
- Type the following command in Command Prompt:
The Quarantine Folder
NOTE: The following instructions are to be done from the Command Prompt as attempting to open the Quarantine folder in the Windows user interface may result in delays and Windows Explorer application hangs due to the large amount of files that can reside there.
Delete the Quarantine Folder
Type the following commands in the Command Prompt:
Recreate the Quarantine Folder
Type the following command in Command Prompt:
- Windows 2000/XP/2003
MD "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"
- Windows Vista/7/2008
MD "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine"
Start the Symantec service
- Click Start, then Run
- Type: smc -start
- Click OK
If you have frequent recurrences of this issue and would like to disable re-scanning of the quarantine folder please follow these steps:
Disable re-scanning of quarantine files.
From the SEP-Manager:
- Edit the Antivirus and Antispyware policy of affected clients.
- In the policy editor click "Quarantine" on the left-hand menu.
- On the general tab click "Do nothing" under the heading "When new Virus Definitions Arrive"
Check the Release Notes: http://www.symantec.com/docs/TECH103087
Hope that helps!!