Video Screencast Help

Autoprotect Off - Status false positives

Created: 11 Apr 2011 • Updated: 18 Jan 2012 | 4 comments
This issue has been solved. See solution.

From the SEPM console - 'Status Summary' I see a big number of clients' Autoprotect status as Off. After cross checking I'm finding most of machines appearing in this report are false positives. So I was trying to get the 'true' status of the Clients somehow. I know there is a registry entry associated with this (SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan > OnOff keyvalue). But this is also not showing the right status, I mean ideally if OnOff = 1, Autoprotect is enabled, but this was not always true from my cross checking of the clients. Do any one have a clue as to how to get the right status of the client. I'm using RU6MP2 version. In many cases it was like this, in the client's system log an error 'warning' is generated "Symantec Endpoint Protection Auto-Protect failed to load." but in the subsequent updated definitions I noticed that this got automatically fixed but it did not leave any clue that things got fixed.

Comments 4 CommentsJump to latest comment

Mithun Sanghavi's picture


There are multiple causes for this error, but most commonly there could be a problem with the virus definitions failing to load.

Uninstalling and reinstalling will often resolve the virus definition issue.

If that is not the case, then please contact Symantec Technical Support for further assistance.

Also, try Migrating to the Latest Version 11.0.6300 (RU6 MP3) and check if that resolves the issue.

Migrating to Symantec Endpoint Protection 11.0.6300 (RU6 MP3)
Why Migrate? Check these: 
Release notes for Endpoint Protection and Network Access Control 11
About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

joes1977's picture

Thanks Mithun for the info and lnks. But what I was looking forward was to get some clue to identify the 'real' issue ones.

pete_4u2002's picture

I believe for a moment it would be off, while updating the Autoprotect status would have turned on. DId you check the logs on the client side for any changes?

joes1977's picture

"Symantec Endpoint Protection Auto-Protect failed to load" error is on the client logs as i stated earlier just after the "Symantec Endpoint Protection services shutdown was successful." log. Then there is a "Symantec Endpoint Protection services startup was successful" log also. But I never get to see any log pertaining to the Auto-Protect fixed status for those machines where the issue is really fixed.