Hello,
I agree. This issue seems to be resolved as I haven't come across any of such cases with Symantec Endpoint Protection 12.1 RU2 detecting DWH###.TMP files (expect one..in SEP 12.1.4)
tmp file (DWH*****.tmp) detected as Trojan.Gen or Trojan.Gen.2 by Corp products
http://www.symantec.com/business/support/index?page=content&id=TECH102953
The Actual cause was with SEP 11 where the files were created by the Symantec Endpoint Protection or Symantec AntiVirus Quarantine scan. This scan is normally initiated by a virus definition update.
The quarantine scan on virus definition update can be disabled: edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
There are also several known methods to work around the issue:
- The quarantine scan on virus definition update can be disabled in the Symantec Endpoint Protection Manager (SEPM): edit Antivirus and Antispyware policy > Windows Settings > Quarantine > General, under "When New Virus Definitions Arrive" choose "Do nothing".
- Items in quarantine can be deleted.
- If the indexing service is enabled it could be triggering the issue when the dwh***.tmp files are indexed.
- Investigate other applications that are scanning the temp file for changes.
Check this Thread:
http://www.symantec.com/connect/forums/sep-121-and-dwhtmp-files
In case, the issue is re-occurying even after the above steps have been taken, then please create a case with Symantec Technical Support.
Check these Steps below:
How to create a new case in MySymantec
http://www.symantec.com/business/support/index?page=content&id=TECH58873
Phone numbers to contact Tech Support:-
Regional Support Telephone Numbers:
- United States: https://support.broadcom.com (407-357-7600 from outside the United States)
- Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
- United Kingdom: +44 (0) 870 606 6000
Additional contact numbers: http://www.symantec.com/business/support/contact_t...
Hope that helps!!