Scans are detecting *.qsp files in C:\Windows\Temp folder as a virus by SEP 11 or SEP 12.1. Is the computer infected with a persistent new threat?
After scan (Active or Full) many *.qsp files has been detected as virus in C:\Windows\Temp
In the Virus and Spyware Protection Policies under Advanced Option - Quarantine the “Allow client computers to automatically submit items to a Quarantine Server” is selected, but configured with incorrect information. Alternately, a firewall or other network component is preventing successful communication with the Central Quarantine server.
The files detected are not in fact indications of an outbreak. While characteristics of these files still trigger detection, the threats detected have already been quarantined by SEP and are harmless. Detections of these .qsp files in the Temp folder can be safely ignored, or the following measures can be taken to prevent their creation.
Unless a legacy Central Quarantine Server is configured in the environment, the “Allow client computers to automatically submit items to a Quarantine Server” should not be selected.
In the Symantec Endpoint Protection Manager (SEPM), configure the policy to disable submission to Central Quarantine (CQ):
Open Virus and Spyware Protection Policies
Edit a policy set up for those clients
Advanced Option session
Uncheck "Allow client computers to automatically submit items to a Quarantine Server"
Windows Server 2008
Windows Server 2003
Imported Document ID: TECH173652
Quarantine Session in Virus and Spyware Protection Policies