How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.0

Article:TECH103126  |  Created: 2007-01-18  |  Updated: 2010-01-26  |  Article URL http://www.symantec.com/docs/TECH103126
Article Type
Technical Solution


Environment

Problem



How to verify which files (including those inside containers / compressed files) and directories are scanned during an On-Demand or Scheduled Scan with a Symantec Endpoint Protection 11.0 client.

Symptoms
You want to confirm which files (including those inside containers / compressed files) and directories are being scanned during a Full System On-Demand or Scheduled Scan with a Symantec Endpoint Protection 11.0 client.



Solution



Enable Symantec Endpoint Protection debug logging with specific parameters:
  1. Open the local user interface of the Symantec Endpoint Protection 11.0 client.
  2. Click Help and Support > Troubleshooting.
  3. Click Debug Logs.
  4. Under Symantec Endpoint Protection, click Edit Debug Log Settings.
  5. Enter the following values: L SC
  6. Click OK.
  7. Click Close to close the Troubleshooting dialog.
  8. Run the On-Demand or Scheduled Scan you want to examine. (Note: The debug option does not work with On-Demand Active Scans.)
  9. Once the scan completes, close the scan dialog box if one is visible.
  10. Click Help and Support > Troubleshooting.
  11. Click Debug Logs.
  12. Click View Log.
  13. The "vpdebug.log" file will launch in the default text editor. This is a log of every file and directory that has been scanned.
  14. Run a "Custom On-Demand Scan" on a user-created directory called "C:\Tools".

Below is an example of how a "vpdebug.log" looks after the above steps have been completed.






Technical Information
"vpdebug.log" is written to the working Symantec Endpoint Protection client directory, which is the following by default:
C:\Program Files\Symantec\Symantec Endpoint Protection
  • The registry value that is set when the debug parameters are entered is:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl\Debug
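
To confirm from a shell that the debug parameters took effect and that the log is being written, the following PowerShell check reads the registry value and log location given above. It is an added example, not Symantec's code; the function name Test-SepScanDebug is hypothetical, and it assumes the default paths and that the Debug value stores the entered text as whitespace-separated tokens.

```powershell
# Added example: defaults below are the paths quoted in this article;
# override them for a non-default installation.
param(
    [string]$RegKey     = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl',
    [string]$LogPath    = 'C:\Program Files\Symantec\Symantec Endpoint Protection\vpdebug.log',
    [string[]]$Expected = @('L', 'SC')   # the values entered in step 5
)

# Hypothetical helper: reports whether the debug settings and the log are in place.
function Test-SepScanDebug {
    param([string]$RegKey, [string]$LogPath, [string[]]$Expected)

    # Read the "Debug" value; $null when the key or the value is absent.
    $debug = (Get-ItemProperty -Path $RegKey -Name 'Debug' -ErrorAction SilentlyContinue).Debug

    # Assumption: the value holds the dialog text as whitespace-separated tokens.
    $tokens  = @("$debug" -split '\s+' | Where-Object { $_ })
    $missing = @($Expected | Where-Object { $tokens -notcontains $_ })

    # The log only exists once the client has written debug output.
    $log = Get-Item -LiteralPath $LogPath -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DebugValue    = $debug
        MissingTokens = $missing -join ' '
        SettingsOk    = ($null -ne $debug) -and ($missing.Count -eq 0)
        LogExists     = [bool]$log
        LogSizeKB     = if ($log) { [math]::Round($log.Length / 1KB, 1) } else { $null }
        LogLastWrite  = if ($log) { $log.LastWriteTime } else { $null }
    }
}

Test-SepScanDebug -RegKey $RegKey -LogPath $LogPath -Expected $Expected | Format-List
```

Comparing LogLastWrite with the time the scan finished shows whether the scan actually produced debug output.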




Legacy ID



2007121814372348

