Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Cannot Complete Symantec Power Eraser Scan

Created: 30 Aug 2012 | 11 comments

I have downloaded the Symantec Endpoint Protection (SEP) Support Tool. I am choosing to run the Symantec Power Eraser (SPE) and adding the rootkit analysis which requires a reboot.  The Load Point analysis seems to complete, but after the reboot and before the SPE completes a window appears titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button." There is a Retry button and a Cancel button in the window.

When pressing the Retry button, the error message window reappears.  When pressing the Cancel button, the SPE scan does not complete.  I have the full data file in .sdbz format, but cannot upload it with this discussion. I do not think I have a slow or degraded network connection as I am able to connect to other websites, including this website, without issue. I have searched the Symantec Knowledgebase to no avail. Thoughts. Help!?

Comments 11 CommentsJump to latest comment

BrianB's picture

Thank you, Ashish. I did some testing with running the SEP Support Tool choosing the SPE in Safe Mode. When choosing to add the bootlog root kit analysis, which requires a reboot, and the PC came back into Safe Mode, the SEP Support Tool did not continue.

When starting the SEP Support Tool and choosing the SPE in Safe Mode and choosing to add the bootlog root kit analysis, then having the PC reboot in Normal Mode, the SEP Support Tool continues, but I receive the same message in the window titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button."

When starting the SEP Support Tool and choosing the SPE in Normal Mode and not choosing to add the bootlog root kit analysis, then having the PC reboot in Normal Mode, the SEP Support Tool continues, but I receive the same message in the window titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button."

Good try, at least is seems the problem does not deal with doing a bootlog root kit analysis. Anyone? Symantec?

Chetan Savade's picture

Hi Brian,

If power eraser is not working then check with SERT.

The Symantec Endpoint Recovery Tool (SERT) is a bootable CD that can scan and remove malware from an infected computer. SERT is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively

How to use  SERT to boot on a CD and clean your machine

http://www.symantec.com/docs/TECH131732

Online scan for virus and threat

http://security.symantec.com/sscv6/home.asp?langid...

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

cus000's picture

Hello BrianB,

 

Does your report show anything suspicious?

Say Power Eraser or SERT fail to clean or detect it... upload the suspicious file sample to Symantec

 

Simpson Homer's picture

can u try running the tool on another machine and see if it works?

BrianB's picture

This morning I tried the SEP Support Tool on another PC; Windows XP with SEP v12.1.671.4971. I downloaded the Symantec Endpoint Protection (SEP) Support Tool and choose to run the Symantec Power Eraser (SPE) with adding the rootkit analysis which requires a reboot. The Load Point analysis seems to complete, but after the reboot and before the SPE completes a window appears titled, "Symantec Power Eraser" stating, "Lost required network connection during the scan. Canceling will disable the Scan button." There is a Retry button and a Cancel button in the window.

I am going to take this our technology department to see if there could be an issue with our network (thinking of a closed port or timeout setting). Is there a place where where ports and network settings are identified for SPE?   

.Brian's picture

Are you behind a proxy?

Or firewall may need to be configured to allow symantec domain.

https://www-secure.symantec.com/connect/forums/sep-support-tool-symantec-power-eraser-doesnt-work-behind-proxy#comment-4237771

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

Please Check if you are using proxy network this sides Need to be open?

We recommended that in order to get SPE to work on a restricted network, you will need to open all http and https traffic from *.symantec.com and *.norton.com.

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

Is there any authentication required for internet access?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

BrianB's picture

Thank you. I have tried the SERT bootable CD on the PC in my office to see how it works. The virus definitions were able to be updated before the scan was run.  The scan took about 2:15 (h:mm).

I still want to pursue using the SEP Support Tool and the SPE as this usually took only a half hour for a PC and was able to be done via remote control with the user. The SPE also does not take any action, but identifies potential issues while the SERT process will automatically delete some items it finds with the option of undoing the entire scan.

I have asked our technology department if our state network behind a proxy. I have also asked if our state network has http and https traffic open from *.symantec.com and *.norton.com.  I do not think our state network is requiring any authentication for internet access from where I have been attempting to use the SEP Support Tool and the SPE.   

BrianB's picture

Note the email message string below. It seems my problem has been solved. Thank you for your help. 

From: Bartz, Brian W.
Sent: Thursday, October 25, 2012 11:44 AM
To: Brown, Jeff E.
Cc: Kieson, Jodi D.
Subject: RE: ITSM Incident 437149

No and No.  Note the attached item. 

I checked the Symantec Connect Forum today and do not find any additional entries from Symantec than what is provided in the Word document in the attached item. 

I did try the Symantec Power Eraser and it worked.  I do not recall what version I was working with nor can I find it referenced in anything at the moment.  The version of SPE I see today from the results is v.1.0.6040.

I will update the Symantec Connect Forum with this email.  Let me know if you have any questions. Thanks.

From: Brown, Jeff E.
Sent: Thursday, October 25, 2012 9:19 AM
To: Bartz, Brian W.
Subject: ITSM Incident 437149

Brian:

I have an open assignment on this incident that Ryan was assisting you with. It looks as though he provided you the SERT disk to resolve issues on these PCs. Did this resolve the issue or is further action required?

Thanks,

Jeff Brown, CISSP

Information Systems Security Analyst

North Dakota Information Technology Department

(701) 328-3456 | jebrown@nd.gov