Scheduled/Manual scan takes a long time to complete on a machine with an active Application and Device Control policy

Article:TECH96797  |  Created: 2009-01-14  |  Updated: 2011-11-08  |  Article URL http://www.symantec.com/docs/TECH96797
Article Type
Technical Solution


Issue



Scheduled/Manual scans take a long time to complete on a machine with an active Application and Device Control policy. You have already fine-tuned the scanning options, but scans continue to take a long time to complete.


Error



The Symantec Endpoint Protection Control log contains a large number of entries after a manual or scheduled scan has started or completed.


Environment



You are running a managed Symantec Endpoint Protection client with an active Application and Device Control policy.


Cause



An active Application and Device Control policy that is configured to monitor file activity is assigned to the affected client(s). For example:

  • The Application Control policy is configured to log every access to DOC, XLS, PPT, or PDF files.
  • The Application Control policy is configured to log every launch of an EXE file.

As a result, when you run a Full or Manual scan, SEP generates a large number of log entries in its local Control log, because the scanner itself touches every monitored file. For example:

13:19:56 File_Access(Local)_File_Write 1824 C:\Program Files\Symantec AntiVirus\Rtvscan.exe 0 No Module Name c:\documents\Policy.doc Default SYSTEM A Company

Solution



For each of the applicable rules that generate too much log traffic during a scan, exclude "rtvscan.exe" from being monitored by adding it to the field "Do not apply this rule to the following processes". Exclusions or exceptions for other processes may also be applicable for this type of rule.
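To confirm which process is flooding the Control log before adding an exclusion, the entries can be tallied by caller process. The following is an added example, not Symantec code: the field layout is an assumption inferred from the single sample entry above, and every sample line except the first (including the WINWORD.EXE path and user name) is constructed.

```python
import ntpath
import re
from collections import Counter

# Assumed layout (inferred from the article's one sample entry):
# time, action, PID, caller process path, then the remaining fields.
ENTRY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<action>\S+)\s+(?P<pid>\d+)\s+"
    r"(?P<caller>[A-Za-z]:\\.*?\.exe)\s+(?P<rest>.*)$",
    re.IGNORECASE,
)

# Constructed sample: line 1 is the article's entry, the others are made up.
SAMPLE_LOG = r"""13:19:56 File_Access(Local)_File_Write 1824 C:\Program Files\Symantec AntiVirus\Rtvscan.exe 0 No Module Name c:\documents\Policy.doc Default SYSTEM A Company
13:19:56 File_Access(Local)_File_Write 1824 C:\Program Files\Symantec AntiVirus\Rtvscan.exe 0 No Module Name c:\documents\Budget.xls Default SYSTEM A Company
13:19:57 File_Access(Local)_File_Write 1824 C:\Program Files\Symantec AntiVirus\Rtvscan.exe 0 No Module Name c:\documents\Plan.ppt Default SYSTEM A Company
13:20:03 File_Access(Local)_File_Write 2210 C:\Program Files\Office\WINWORD.EXE 0 No Module Name c:\documents\Policy.doc Default alice A Company
(constructed non-entry line)
"""

def parse_entry(line):
    """Return one Control log entry as a dict, or None if the line does not match."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["process"] = ntpath.basename(entry["caller"]).lower()  # splits on "\" on any OS
    return entry

def count_by_process(lines):
    """Count entries per caller process; also return how many lines were unparsed."""
    counts, skipped = Counter(), 0
    for line in filter(str.strip, lines):  # ignore blank lines
        entry = parse_entry(line)
        if entry is None:
            skipped += 1
        else:
            counts[entry["process"]] += 1
    return counts, skipped

def exclusion_candidates(lines, min_share=0.5):
    """Processes that produced at least min_share of all parsed entries."""
    counts, _ = count_by_process(lines)
    total = sum(counts.values())
    return [(p, n, n / total) for p, n in counts.most_common() if n / total >= min_share]

if __name__ == "__main__":
    for proc, n, share in exclusion_candidates(SAMPLE_LOG.splitlines()):
        print(f"{proc}: {n} entries ({share:.0%})")
```

A process that dominates the tally only during scan windows is a candidate for the rule's exclusion field; entries from interactive processes such as a document editor remain the activity the rule was written to record.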



Legacy ID



2009101511031348

