Cannot Complete Symantec Power Eraser Scan
I have downloaded the Symantec Endpoint Protection (SEP) Support Tool. I am choosing to run the Symantec Power Eraser (SPE) and adding the rootkit analysis which requires a reboot. The Load Point analysis seems to complete, but after the reboot and before the SPE completes a window appears titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button." There is a Retry button and a Cancel button in the window.
When pressing the Retry button, the error message window reappears. When pressing the Cancel button, the SPE scan does not complete. I have the full data file in .sdbz format, but cannot upload it with this discussion. I do not think I have a slow or degraded network connection as I am able to connect to other websites, including this website, without issue. I have searched the Symantec Knowledgebase to no avail. Thoughts. Help!?
Comments
Check this artical. I
Check this artical.
I cannot complete a scan with Norton Power Eraser
https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?ct=fr&docid=v51673309_EndUserProfile_en_us&lg=fr&product=home&pvid=f-home&version=current&nojs=pvselect
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Thank you, Ashish. I did some
Thank you, Ashish. I did some testing with running the SEP Support Tool choosing the SPE in Safe Mode. When choosing to add the bootlog root kit analysis, which requires a reboot, and the PC came back into Safe Mode, the SEP Support Tool did not continue.
When starting the SEP Support Tool and choosing the SPE in Safe Mode and choosing to add the bootlog root kit analysis, then having the PC reboot in Normal Mode, the SEP Support Tool continues, but I receive the same message in the window titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button."
When starting the SEP Support Tool and choosing the SPE in Normal Mode and not choosing to add the bootlog root kit analysis, then having the PC reboot in Normal Mode, the SEP Support Tool continues, but I receive the same message in the window titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button."
Good try, at least is seems the problem does not deal with doing a bootlog root kit analysis. Anyone? Symantec?
Hi Brian, If power eraser is
Hi Brian,
If power eraser is not working then check with SERT.
The Symantec Endpoint Recovery Tool (SERT) is a bootable CD that can scan and remove malware from an infected computer. SERT is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively
How to use SERT to boot on a CD and clean your machine
http://www.symantec.com/docs/TECH131732
Online scan for virus and threat
http://security.symantec.com/sscv6/home.asp?langid...
Chetan Savade
Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.&
Hello BrianB, Does your
Hello BrianB,
Does your report show anything suspicious?
Say Power Eraser or SERT fail to clean or detect it... upload the suspicious file sample to Symantec
can u try running the tool on
can u try running the tool on another machine and see if it works?
This morning I tried the SEP
This morning I tried the SEP Support Tool on another PC; Windows XP with SEP v12.1.671.4971. I downloaded the Symantec Endpoint Protection (SEP) Support Tool and choose to run the Symantec Power Eraser (SPE) with adding the rootkit analysis which requires a reboot. The Load Point analysis seems to complete, but after the reboot and before the SPE completes a window appears titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button." There is a Retry button and a Cancel button in the window.
I am going to take this our technology department to see if there could be an issue with our network (thinking of a closed port or timeout setting). Is there a place where where ports and network settings are identified for SPE?
Are you behind a proxy? Or
Are you behind a proxy?
Or firewall may need to be configured to allow symantec domain.
https://www-secure.symantec.com/connect/forums/sep-support-tool-symantec-power-eraser-doesnt-work-behind-proxy#comment-4237771
SEP Knowledge Base
Endpoint SWAT
HI, Please Check if you are
HI,
Please Check if you are using proxy network this sides Need to be open?
We recommended that in order to get SPE to work on a restricted network, you will need to open all http and https traffic from *.symantec.com and *.norton.com.
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Is there any authentication
Is there any authentication required for internet access?
SEP Knowledge Base
Endpoint SWAT
Thank you. I have tried the
Thank you. I have tried the SERT bootable CD on the PC in my office to see how it works. The virus definitions were able to be updated before the scan was run. The scan took about 2:15 (h:mm).
I still want to pursue using the SEP Support Tool and the SPE as this usually took only a half hour for a PC and was able to be done via remote control with the user. The SPE also does not take any action, but identifies potential issues while the SERT process will automatically delete some items it finds with the option of undoing the entire scan.
I have asked our technology department if our state network behind a proxy. I have also asked if our state network has http and https traffic open from *.symantec.com and *.norton.com. I do not think our state network is requiring any authentication for internet access from where I have been attempting to use the SEP Support Tool and the SPE.
Note the email message string
Note the email message string below. It seems my problem has been solved. Thank you for your help.
From: Bartz, Brian W.
Sent: Thursday, October 25, 2012 11:44 AM
To: Brown, Jeff E.
Cc: Kieson, Jodi D.
Subject: RE: ITSM Incident 437149
No and No. Note the attached item.
I checked the Symantec Connect Forum today and do not find any additional entries from Symantec than what is provided in the Word document in the attached item.
I did try the Symantec Power Eraser and it worked. I do not recall what version I was working with nor can I find it referenced in anything at the moment. The version of SPE I see today from the results is v.1.0.6040.
I will update the Symantec Connect Forum with this email. Let me know if you have any questions. Thanks.
From: Brown, Jeff E.
Sent: Thursday, October 25, 2012 9:19 AM
To: Bartz, Brian W.
Subject: ITSM Incident 437149
Brian:
I have an open assignment on this incident that Ryan was assisting you with. It looks as though he provided you the SERT disk to resolve issues on these PCs. Did this resolve the issue or is further action required?
Thanks,
Jeff Brown, CISSP
Information Systems Security Analyst
North Dakota Information Technology Department
(701) 328-3456 | jebrown@nd.gov
Would you like to reply?
Login or Register to post your comment.