I've seen this before as well, it all ties back to the dwh false positive issue. Been around since SEP 11.x days and still here in 12.1.
You can read the explanation as to why it happens here:
https://www-secure.symantec.com/connect/ja/forums/generic-trojan-dwhtmp-temp-folder?page=1#comment-5191651
The entire thread is a good read if you have the time.