Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Cannot Complete Symantec Power Eraser Scan

  • 1.  Cannot Complete Symantec Power Eraser Scan

    Posted Aug 30, 2012 11:33 AM

    I have downloaded the Symantec Endpoint Protection (SEP) Support Tool. I am choosing to run the Symantec Power Eraser (SPE) and adding the rootkit analysis which requires a reboot.  The Load Point analysis seems to complete, but after the reboot and before the SPE completes a window appears titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button." There is a Retry button and a Cancel button in the window.

    When pressing the Retry button, the error message window reappears.  When pressing the Cancel button, the SPE scan does not complete.  I have the full data file in .sdbz format, but cannot upload it with this discussion. I do not think I have a slow or degraded network connection as I am able to connect to other websites, including this website, without issue. I have searched the Symantec Knowledgebase to no avail. Thoughts. Help!?



  • 2.  RE: Cannot Complete Symantec Power Eraser Scan



  • 3.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Aug 30, 2012 01:02 PM

    Thank you, Ashish. I did some testing with running the SEP Support Tool choosing the SPE in Safe Mode. When choosing to add the bootlog root kit analysis, which requires a reboot, and the PC came back into Safe Mode, the SEP Support Tool did not continue.

    When starting the SEP Support Tool and choosing the SPE in Safe Mode and choosing to add the bootlog root kit analysis, then having the PC reboot in Normal Mode, the SEP Support Tool continues, but I receive the same message in the window titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button."

    When starting the SEP Support Tool and choosing the SPE in Normal Mode and not choosing to add the bootlog root kit analysis, then having the PC reboot in Normal Mode, the SEP Support Tool continues, but I receive the same message in the window titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button."

    Good try, at least is seems the problem does not deal with doing a bootlog root kit analysis. Anyone? Symantec?



  • 4.  RE: Cannot Complete Symantec Power Eraser Scan

    Broadcom Employee
    Posted Aug 30, 2012 01:24 PM

    Hi Brian,

    If power eraser is not working then check with SERT.

    The Symantec Endpoint Recovery Tool (SERT) is a bootable CD that can scan and remove malware from an infected computer. SERT is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively

    How to use  SERT to boot on a CD and clean your machine

    http://www.symantec.com/docs/TECH131732

    Online scan for virus and threat

    http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=23&pkj=UQFPFIZTYMWPAZTJWUF



  • 5.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Sep 03, 2012 02:31 AM

    Hello BrianB,

     

    Does your report show anything suspicious?

    Say Power Eraser or SERT fail to clean or detect it... upload the suspicious file sample to Symantec

     



  • 6.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Sep 03, 2012 07:16 AM

    can u try running the tool on another machine and see if it works?



  • 7.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Sep 20, 2012 12:37 PM

    This morning I tried the SEP Support Tool on another PC; Windows XP with SEP v12.1.671.4971. I downloaded the Symantec Endpoint Protection (SEP) Support Tool and choose to run the Symantec Power Eraser (SPE) with adding the rootkit analysis which requires a reboot. The Load Point analysis seems to complete, but after the reboot and before the SPE completes a window appears titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button." There is a Retry button and a Cancel button in the window.

    I am going to take this our technology department to see if there could be an issue with our network (thinking of a closed port or timeout setting). Is there a place where where ports and network settings are identified for SPE?   



  • 8.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Sep 22, 2012 11:25 AM

    Are you behind a proxy?

    Or firewall may need to be configured to allow symantec domain.

    https://www-secure.symantec.com/connect/forums/sep-support-tool-symantec-power-eraser-doesnt-work-behind-proxy#comment-4237771



  • 9.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Sep 22, 2012 11:36 AM

    HI,

    Please Check if you are using proxy network this sides Need to be open?

    We recommended that in order to get SPE to work on a restricted network, you will need to open all http and https traffic from *.symantec.com and *.norton.com.



  • 10.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Sep 22, 2012 06:50 PM

    Is there any authentication required for internet access?



  • 11.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Oct 09, 2012 11:49 AM

    Thank you. I have tried the SERT bootable CD on the PC in my office to see how it works. The virus definitions were able to be updated before the scan was run.  The scan took about 2:15 (h:mm).

    I still want to pursue using the SEP Support Tool and the SPE as this usually took only a half hour for a PC and was able to be done via remote control with the user. The SPE also does not take any action, but identifies potential issues while the SERT process will automatically delete some items it finds with the option of undoing the entire scan.

    I have asked our technology department if our state network behind a proxy. I have also asked if our state network has http and https traffic open from *.symantec.com and *.norton.com.  I do not think our state network is requiring any authentication for internet access from where I have been attempting to use the SEP Support Tool and the SPE.   



  • 12.  RE: Cannot Complete Symantec Power Eraser Scan

    Posted Oct 25, 2012 12:53 PM

    Note the email message string below. It seems my problem has been solved. Thank you for your help. 

    From: Bartz, Brian W.
    Sent: Thursday, October 25, 2012 11:44 AM
    To: Brown, Jeff E.
    Cc: Kieson, Jodi D.
    Subject: RE: ITSM Incident 437149

    No and No.  Note the attached item. 

    I checked the Symantec Connect Forum today and do not find any additional entries from Symantec than what is provided in the Word document in the attached item. 

    I did try the Symantec Power Eraser and it worked.  I do not recall what version I was working with nor can I find it referenced in anything at the moment.  The version of SPE I see today from the results is v.1.0.6040.

    I will update the Symantec Connect Forum with this email.  Let me know if you have any questions. Thanks.

    From: Brown, Jeff E.
    Sent: Thursday, October 25, 2012 9:19 AM
    To: Bartz, Brian W.
    Subject: ITSM Incident 437149

    Brian:

    I have an open assignment on this incident that Ryan was assisting you with. It looks as though he provided you the SERT disk to resolve issues on these PCs. Did this resolve the issue or is further action required?

    Thanks,

    Jeff Brown, CISSP

    Information Systems Security Analyst

    North Dakota Information Technology Department

    (701) 328-3456 | jebrown@nd.gov