Channel: Symantec Connect - Endpoint Protection - Discussions

TOR traffic identified

I need a solution

Hi All,

As per one of my friends' suggestions, I have created an ADC rule as mentioned below to detect TOR Browsers on endpoints.

--------------------------------------------
File and Folder Access Attempts:
*Browser\firefox.exe
c:\*Browser\firefox.exe
*\*firefox.exe

Launch Process Attempts
firefox.exe

----------------------------------------------

I have found the below files under Caller Process Name.

C:/Program Files/Symantec/Symantec Endpoint Protection/12.1.1000.157.105/Bin/ccSvcHst.exe
C:/Program Files (x86)/Symantec/Symantec Endpoint Protection/12.1.3001.165.105/Bin/ccSvcHst.exe
C:/Program Files/Symantec/Symantec Endpoint Protection/12.1.3001.165.105/Bin/ccSvcHst.exe
C:/Program Files (x86)/Symantec/Symantec Endpoint Protection/12.1.2015.2015.105/Bin/ccSvcHst.exe
C:/Program Files/Symantec/Symantec Endpoint Protection/12.1.2015.2015.105/Bin/ccSvcHst.exe
C:/Program Files/Symantec Client Security/Symantec AntiVirus/12.1.1000.157.105/Bin/ccSvcHst.exe
C:/Program Files (x86)/Symantec/Symantec Endpoint Protection/12.1.5337.5000.105/Bin/ccSvcHst.exe

My query is why Symantec is calling the below-mentioned TOR browsers:

C:/Documents and Settings/Mike.Oyeniran/Local Settings/Temp/7ZS2E2.TMP/CORE/FIREFOX.EXE
C:/Program Files (x86)/Mozilla Firefox/FIREFOX.EXE
c:/Program Files/Mozilla Firefox/firefox.exe
C:/Users/djamel.faid/Desktop/BROWSER/UPDATED/BROWSER/FIREFOX.EXE
C:/Users/djamel.faid/Desktop/BROWSER/FIREFOX.EXE
C:/Users/djamel.faid/Desktop/TOR BROWSER/BROWSER/FIREFOX.EXE
C:/Users/djamel.faid/Desktop/BROWSER/BROWSER/FIREFOX.EXE
c:/program files/mozilla firefox/updated/firefox.exe
C:/WINDOWS.OLD/PROGRAM FILES/MOZILLA FIREFOX/FIREFOX.EXE
C:/Program Files (x86)/Mozilla Firefox/UPDATED/FIREFOX.EXE
C:/PROGRAM FILES/MOZILLA FIREFOX/NSS11B.TMP/FIREFOX.EXE
C:/Documents and Settings/JCF/LOCALS~1/TEMP/7ZS1F3.TMP/CORE/FIREFOX.EXE
C:/Users/shazim/Desktop/TOR BROWSER/BROWSER/FIREFOX.EXE
C:/Users/mukesh.LAFARGE/Desktop/SOFTWARES/TOR BROWSER/BROWSER/FIREFOX.EXE
c:/Users/mohamed.abdelsamad/AppData/Local/Temp/7zS5263.tmp/core/firefox.exe
C:/DRP_14.9/SOFT/BROWSER/FIREFOX.EXE
C:/Data/Softwares/Tor Browser/Browser/firefox.exe
C:/Users/ext.cmostafai/Downloads/BROWSER-20160608T103400Z/BROWSER/BROWSER/FIREFOX.EXE
C:/Users/rabah.maza/Desktop/BROWSER-2015-09-25/BROWSER-2015-09-25/BROWSER/FIREFOX.EXE
C:/Users/ext.cmostafai/Downloads/BROWSER/BROWSER/FIREFOX.EXE
c:/Users/mmoubark/AppData/Local/Mozilla Firefox/updated/firefox.exe
C:/Program Files (x86)/MALWAREBYTES ANTI-MALWARE/CHAMELEON/WINDOWS/FIREFOX.EXE
C:/FirefoxPortableTest/App/Firefox/firefox.exe
C:/Users/salem.amer/AppData/Local/Mozilla Firefox/UPDATED/FIREFOX.EXE
C:/Users/raed.emailat/AppData/Local/MOZILLA FIREFOX/FIREFOX.EXE
C:/Program Files/Hewlett-Packard/Firefox - HP Virtual Browser Edition/fslrdr/1/[_B_]PROGRAMFILES[_E_]/Virtual Firefox/firefox.exe
c:/Users/faiz/AppData/Local/Mozilla Firefox/updated/firefox.exe
C:/Users/Sathis - RMQ/Desktop/Satish/Doc/FirefoxPortable/App/Firefox/FIREFOX.EXE
c:/Users/olkilani/AppData/Local/Temp/WPDNSE/{00006318-0001-0002-0000-000000000000}/firefox.exe
C:/Users/chamith/Documents/Chamith - Rashen/Chamith Nilanka/Credit Controll Department/Customers/Tekfen/Mozilla Firefox/firefox.exe
C:/Users/Mazen.Dibie/AppData/Local/MOZILLA FIREFOX/FIREFOX.EXE
C:/Users/Mazen.Dibie/AppData/Local/MOZILLA FIREFOX/UPDATED/FIREFOX.EXE
C:/Users/salem.amer/AppData/Local/Mozilla Firefox/firefox.exe
C:/Users/user/AppData/Local/Mozilla Firefox/updated/firefox.exe
C:/Users/user/AppData/Local/Mozilla Firefox/firefox.exe
C:/Users/mmoubark/AppData/Local/Mozilla Firefox/firefox.exe
C:/Users/hanine.benyounes/Desktop/BROWSER/FIREFOX.EXE
C:/Users/djamel.hadidi/Desktop/BROWSER/FIREFOX.EXE

Please help me.
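
An added example (not part of the original post, and not Symantec code) that replays the post's three file-path patterns over paths copied from the post's log, to show which pattern produced each hit. It assumes `*` matches any run of characters including `\` and that matching is case-insensitive; the function names are this example's own.

```python
import re

# The three "File and Folder Access Attempts" patterns, copied from the post.
RULE_PATTERNS = [
    r"*Browser\firefox.exe",
    r"c:\*Browser\firefox.exe",
    r"*\*firefox.exe",
]

# Paths copied from the post's log output (forward slashes as logged).
SAMPLE_PATHS = [
    "C:/Data/Softwares/Tor Browser/Browser/firefox.exe",
    "C:/DRP_14.9/SOFT/BROWSER/FIREFOX.EXE",
    "C:/Program Files (x86)/Mozilla Firefox/FIREFOX.EXE",
    "C:/WINDOWS.OLD/PROGRAM FILES/MOZILLA FIREFOX/FIREFOX.EXE",
    "C:/Program Files (x86)/MALWAREBYTES ANTI-MALWARE/CHAMELEON/WINDOWS/FIREFOX.EXE",
    "C:/FirefoxPortableTest/App/Firefox/firefox.exe",
]


def wildcard_to_regex(pattern):
    # Assumption: '*' matches any run of characters, '\' included, and
    # comparison is case-insensitive. Everything else is literal.
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE)


def matching_patterns(logged_path):
    """Return the rule patterns that match one logged path."""
    path = logged_path.replace("/", "\\")  # the log shows '/', the rule uses '\'
    return [p for p in RULE_PATTERNS if wildcard_to_regex(p).fullmatch(path)]


def catch_all_only(paths):
    """Paths hit solely by the broadest pattern, i.e. not under a '...Browser' folder."""
    return [p for p in paths if matching_patterns(p) == [RULE_PATTERNS[2]]]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{len(matching_patterns(p))} pattern(s): {p}")
    print("Matched only by", RULE_PATTERNS[2])
    for p in catch_all_only(SAMPLE_PATHS):
        print("  ", p)
```

The `Launch Process Attempts` entry `firefox.exe` is not modelled here.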
