1.) If the client computer is running Windows XP, disable "System Restore" as per KB: http://www.symantec.com/security_response/writeup....
2.) Restart the computer in Safe Mode
3.) Stop SEP services:
    "Symantec Endpoint Protection" from START -> RUN -> services.msc
    "Symantec Management client" with the command START -> RUN -> smc -stop
4.) Delete the folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\xfer\"
(in newer installations: "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\xfer\")
5.) Delete all .tmp files in the folder "c:\windows\temp\"
Important: empty the recycle bin...
6.) Restart SEP services (same as point 3, except "smc -start")
7.) Run a full-scan
8.) Restart the computer in normal mode and, if no new alerts of malware/virus detection are shown, enable "System Restore" as in step 1.
Technical explanation
"The "xfer" and "xfer_temp" folders still store files scanned by AutoProtect transferred from migrations of legacy Symantec AntiVirus (SAV) installations".
To be honest, it seems that under some unexpected circumstances (for example a damaged file) SEP starts a loop where a file goes into quarantine (.vbn archives), then it extracts this file to a .tmp file to rescan it, it is again detected and quarantined, and so on...
Official Symantec KB on this issue
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009042217073548
Try all the steps... it should resolve the issue. It worked for me before.