Hello,
What version of SEP 11.x are you running? Incase, you are running any version below SEP 11.0.RU6, then I would recommend you to Migrate to the Latest Version of SEP 11.0.7101 and above.
Check these Threads with same issue -
https://www-secure.symantec.com/connect/forums/trojangen2
and would suggest you to work on the steps provided below:
If such detections continue after deleting old .tmp files and updating to SEP 11 RU6a, see the following:
Stop the Symantec service
Deleting the files
NOTE: The following instructions are to be done from the Command Prompt as attempting to perform the deletions from the Windows user interface may result in delays and application hangs due to the large amount of files that can reside in these locations. Please note that these instructions will delete the files in the targeted directories, not the directories themselves. Do not remove the directories themselves, only the contents of those directories.
Stop the Symantec service
Deleting the files
NOTE: The following instructions are to be done from the Command Prompt as attempting to perform the deletions from the Windows user interface may result in delays and application hangs due to the large amount of files that can reside in these locations. Please note that these instructions will delete the files in the targeted directories, not the directories themselves. Do not remove the directories themselves, only the contents of those directories.
Open the Command Prompt
Deleting files from User Temp folder
- Click Start, then Run
- Type: cmd
- Click OK
1. Type the following command in Command Prompt. (The following string will vary depending on the user name.) Replace "<NAMEOFUSER>" with the username of the desired Windows user you wish to empty the temp folder for:
- For Windows 2000/XP/2003
DEL /F /Q "C:\Documents and Settings\<NAMEOFUSER>\Local Settings\Temp"
- For Windows Vista/7/2008
DEL /F /Q "C:\Users\<NAMEOFUSER>\AppData\Local\Temp"
2. Deleting the contents of the temp folder at the root of C:\
- Type the following command in Command Prompt:
DEL /F /Q C:\temp
3. Deleting the contents of the Windows Temp folder
4. Deleting the contents of the xfer and/or xfer_temp directories
- Type the following command in Command Prompt:
The Quarantine Folder
NOTE: The following instructions are to be done from the Command Prompt as attempting to open the Quarantine folder in the Windows user interface may result in delays and Windows Explorer application hangs due to the large amount of files that can reside there.
Delete the Quarantine Folder
Type the following commands in the Command Prompt:
Recreate the Quarantine Folder
Type the following command in Command Prompt:
- Windows 2000/XP/2003
MD "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine"
- Windows Vista/7/2008
MD "C:\ProgramData\Symantec\Symantec Endpoint Protection\Quarantine"
Start the Symantec service
- Click Start, then Run
- Type: smc -start
- Click OK
From the SEP-Manager:
- Edit the Antivirus and Antispyware policy of affected clients.
- In the policy editor click "Quarantine" on the left-hand menu.
- On the general tab click "Do nothing" under the heading "When new Virus Definitions Arrive"
Hope that helps!!