Symantec Endpoint Protection (SEP) detects files under C:\ProgramData\Symantec\Symantec Endpoint Protection\<version>\SRTSP\Quarantine when a third-party program performs read operations on files in real time when they are written to (created/modified). This may include programs that perform indexing, automatic backup, or security functions.

Read activity by any process other than the SEP scan process causes auto-protect to re-scan the file on the new read attempt.

Symantec does not recommend running more than one file-scanning application on a computer at any time.

For other realtime applications such as indexing and backup, please exclude the following folders from monitoring by these third-party applications.

C:\ProgramData\Symantec\Symantec Endpoint Protection\<version>\SRTSP\Quarantine
C:\ProgramData\Symantec\Symantec Endpoint Protection\<version\Data\xfer
C:\ProgramData\Symantec\Symantec Endpoint Protection\<version\Data\xfer_tmp
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\SRTSP\Quarantine
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\xfer
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\xfer_tmp