Hi,
A couple of months ago, Symantec Endpoint Manager (SEM) sent mail alerts about wax####.tmp files (#### = 4-character random strings), and these kinds of reports are still being sent to us.
Alerts are sent by both servers and clients. All the wax.tmp files' hashes are different from each other, but the file path is the same (c:\windows\temp\...). When we upload the files to VirusTotal, only Symantec describes them as malware (1/56).
The report file looks like:
At least one security risk found:
Risk name: Heur.AdvML.B
File path: c:\windows\temp\wax2342.tmp
Action taken on risk: Cleaned by deletion
I have searched many websites related to this issue, but we haven't got correct answers. Why do we get these kinds of alerts, and how can we reach the root source of this problem? Should it be a false positive?
All help is appreciated. Thanks a lot.