Scheduled/Manual scan takes a long time to complete on a machine with an active Application and Device Control policy
Article: TECH96797 | Created: 2009-01-14 | Updated: 2011-11-08 | Article URL: http://www.symantec.com/docs/TECH96797
Scheduled/Manual scans take a long time to complete on a machine with an active Application and Device Control policy. You have already fine-tuned the scanning options, but scans continue to take a long time to complete.
The Symantec Endpoint Protection Control log contains a large number of entries after a manual or scheduled scan has started or completed.
You are running a managed Symantec Endpoint Protection client with an active Application and Device Control policy.
An active Application and Device Control policy that is configured to monitor file activity is assigned to the affected client(s). For example:
- Whenever DOC, XLS, PPT, PDF files are accessed, you configured the Application Control policy to log the access.
- Whenever an EXE file is launched, you configured the Application Control policy to log the launch.
As a result of this policy, when you run a Full or Manual scan, SEP generates a large number of log entries in its local Control log. For example:
13:19:56 File_Access(Local)_File_Write 1824 C:\Program Files\Symantec AntiVirus\Rtvscan.exe 0 No Module Name c:\documents\Policy.doc Default SYSTEM A Company
For each of the applicable rules that generates too much log traffic during a scan, exclude "rtvscan.exe" from being monitored by adding it to the field "Do not apply this rule to the following processes". Exclusions or exceptions for other processes may also be applicable for this type of rule.
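To find which rules need the exclusion, the following added example (not Symantec code) counts Control log entries per rule and calling process and reports any process that accounts for most of a rule's entries. It assumes the log has been exported as tab-separated text with the column order of the sample line above; the rule name `Log_EXE_Launch`, the non-Symantec paths and all sample lines are constructed.

```python
from collections import Counter, defaultdict
from ntpath import basename  # parses Windows paths on any platform

RULE, CALLER = 1, 3  # assumed column positions, per the article's sample line

def _entry(rule, caller, target):
    # Builds one constructed, tab-separated log line in the assumed layout.
    return "\t".join(["13:19:56", rule, "1824", caller, "0", "No Module Name",
                      target, "Default", "SYSTEM", "A Company"])

WRITE = "File_Access(Local)_File_Write"   # rule name from the article
LAUNCH = "Log_EXE_Launch"                 # constructed rule name
RTV = r"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
SAMPLE_LOG = "\n".join([                  # constructed sample data
    _entry(WRITE, RTV, r"c:\documents\Policy.doc"),
    _entry(WRITE, RTV.upper(), r"c:\documents\Budget.xls"),
    _entry(WRITE, RTV, r"c:\documents\Plan.ppt"),
    _entry(WRITE, r"C:\Office\WINWORD.EXE", r"c:\documents\Memo.doc"),
    _entry(LAUNCH, r"C:\Windows\explorer.exe", r"c:\tools\a.exe"),
    _entry(LAUNCH, r"C:\Windows\System32\cmd.exe", r"c:\tools\b.exe"),
    "13:20:01\ttruncated line",           # malformed line, must be skipped
])

def noisy_callers(log_text, min_share=0.6):
    """Return {rule: [(process, count, share), ...]} for every calling
    process that produced at least min_share of that rule's entries."""
    per_rule = defaultdict(Counter)
    for raw in log_text.splitlines():
        fields = raw.split("\t")
        if len(fields) <= CALLER:
            continue  # blank or truncated line
        # Compare on the lower-cased file name so path case does not split counts.
        per_rule[fields[RULE]][basename(fields[CALLER]).lower()] += 1
    report = {}
    for rule, counts in per_rule.items():
        total = sum(counts.values())
        hits = [(proc, n, n / total) for proc, n in counts.most_common()
                if n / total >= min_share]
        if hits:
            report[rule] = hits
    return report

if __name__ == "__main__":
    for rule, hits in noisy_callers(SAMPLE_LOG).items():
        for proc, n, share in hits:
            print(f"{rule}: {proc} wrote {n} entries ({share:.0%})")
```

A process reported here is only a candidate: once excluded, that rule no longer records its file activity, so limit exclusions to processes you trust, as the article does with rtvscan.exe.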