How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.x and 12.1

Article:TECH103126  |  Created: 2007-01-18  |  Updated: 2014-04-11  |  Article URL http://www.symantec.com/docs/TECH103126
Article Type
Technical Solution

Issue



How to verify which files (including those inside containers / compressed files) and directories are scanned during an On-Demand or Scheduled Scan with a Symantec Endpoint Protection 11.x and 12.1 client.

Symptoms
You want to confirm which files (including inside containers / compressed files) and directories are being scanned during a Full System On-Demand or Scheduled Scan with a Symantec Endpoint Protection 11.x and 12.1 client.


Solution



Enable Symantec Endpoint Protection debug logging with specific parameters.

  1. Open the local user interface of the Symantec Endpoint Protection (11.x / 12.1) client
  2. Click Help and Support > Troubleshooting.
  3. Click Debug Logs.
  4. Under Symantec Endpoint Protection, click Edit Debug Log Settings.
  5. Enter the following values: L SC
  6. Click OK.
  7. Click Close to close the Troubleshooting dialog.
  8. Run the On-Demand or Scheduled Scan you are curious about. (Note: The debug option does not work with On-Demand Active Scans)
  9. Once the scan completes, close the scan dialog box if one is visible.
  10. Click Help and Support > Troubleshooting.
  11. Click Debug Logs.
  12. Click View Log.
  13. The "vpdebug.log" file will launch in the default text editor. This is a log of every file and directory that has been scanned.
  14. Run a "Custom On-Demand Scan" on a user-created directory called "C:\Tools".

Below is an example of how "vpdebug.log" looks after the above steps have been completed.






Technical Information
"vpdebug.log" is written to the working Symantec Endpoint Protection client directory, which is the following by default:
C:\Program Files\Symantec\Symantec Endpoint Protection

  • The registry value that is set when debug parameters are entered is:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl\Debug
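
The following PowerShell check is an added example, not Symantec's code: it confirms that the debug parameters from step 5 are present in the registry value above and that "vpdebug.log" exists in the default client directory and was written after the scan started. The function name and its parameters are hypothetical, and it assumes the Debug value stores the text exactly as typed in the dialog.

```powershell
# Added example: verify the SEP debug settings and vpdebug.log from the steps above.
# Key path and default log directory are the ones given in this article; the
# function name and parameters are hypothetical.
function Test-SepScanDebug {
    param(
        [string]$KeyPath = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\ProductControl',
        [string]$ValueName = 'Debug',
        [string]$LogDir = 'C:\Program Files\Symantec\Symantec Endpoint Protection',
        [string[]]$Expected = @('L', 'SC'),
        [datetime]$ScanStart = [datetime]::MinValue
    )

    # Read the debug value; a missing key or value is reported, not thrown.
    $raw = $null
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { $raw = [string]$item.$ValueName }

    # Assumption: the value holds the text typed in the dialog, space-separated.
    $tokens = @()
    if ($raw) { $tokens = @($raw -split '\s+' | Where-Object { $_ }) }
    $missing = @($Expected | Where-Object { $tokens -notcontains $_ })

    # Look for the log in the client working directory.
    $logPath = Join-Path $LogDir 'vpdebug.log'
    $log = Get-Item -LiteralPath $logPath -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DebugValue       = $raw
        MissingParams    = $missing
        ParamsOk         = ($null -ne $raw -and $missing.Count -eq 0)
        LogPath          = $logPath
        LogExists        = [bool]$log
        LogSizeBytes     = if ($log) { $log.Length } else { 0 }
        LogLastWrite     = if ($log) { $log.LastWriteTime } else { $null }
        WrittenSinceScan = [bool]($log -and $log.LastWriteTime -ge $ScanStart)
    }
}

# Usage: record the time, run the scan, then check:
#   $t0 = Get-Date; <run the scan>; Test-SepScanDebug -ScanStart $t0
Test-SepScanDebug | Format-List
```

If the client is installed somewhere other than the default directory, pass that location with -LogDir.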

 



Legacy ID



2007121814372348

