Many qsp files are detected as a virus in C:\Windows\Temp folder in Symantec Endpoint Protection
Last Updated May 08, 2014
Scans by SEP 11 or SEP 12.1 detect *.qsp files in the C:\Windows\Temp folder as viruses. Is the computer infected with a persistent new threat?
After a scan (Active or Full), many *.qsp files have been detected as viruses in C:\Windows\Temp.
In the Virus and Spyware Protection Policies, under Advanced Option - Quarantine, the “Allow client computers to automatically submit items to a Quarantine Server” option is selected but configured with incorrect information. Alternatively, a firewall or other network component is preventing successful communication with the Central Quarantine server.
The files detected are not in fact indications of an outbreak. While characteristics of these files still trigger detection, the threats detected have already been quarantined by SEP and are harmless. Detections of these .qsp files in the Temp folder can be safely ignored, or the following measures can be taken to prevent their creation.
Unless a legacy Central Quarantine Server is configured in the environment, the “Allow client computers to automatically submit items to a Quarantine Server” option should not be selected.
In the Symantec Endpoint Protection Manager (SEPM), configure the policy to disable submission to Central Quarantine (CQ):
1. Open Virus and Spyware Protection Policies.
2. Edit the policy set up for those clients.
3. Go to the Advanced Option section.
4. Uncheck "Allow client computers to automatically submit items to a Quarantine Server".