Can't get Scan Progress Dialog to show up

R_Kendall's picture

Hi.  First time poster.  Have searched and can't find anything else to try.

Installing EPP as unmanaged client on XP SP3 clients, on peer-to-peer network that will never see the internet.
Upgrading from Symantec AntiVirus Corp Edition, v 10.1.6.6000
Currently (v10) scan progress dialog shows up w/ scheduled scans and scans from explorer right click, "Scan for Viruses..."
After installing EPP v11 MR4 (11.0.4202.75), the scan progress dialog will not show up no matter what I try.
With MR4, the scan progress in the Status View of the Console window does show up, but not the scan progress dialog.
Moved all EPP live update files to private live update server.  Live update gets all virus defs, security updates, etc.
Tried creating an on demand scan and selecting options to Show Scan Dialog, and made sure "close after scan complete" was unchecked.
Also tried installing EPPM on another XP box, and created an unmanaged client, w/ policy set explicitly to show virus scan progress, etc.
EPP on the client is happy (all status Green), and works great, except I can't get the scan progress dialog to show up.

EPP installed on another XP SP3 machine, in our office environment works fine, including the scan progress dialog.

Any help greatly appreciated.
Thanks,
Rick.

Swaminathan's picture

Hi,

On the client, open the registry editor and navigate to,

HKLM\Software\Symantec\Symantec Endpoint Protection\AV\LocalScans\Default CustomScan Option

On the right pane, check for the DWORD "DisplayStatusDialog"; the value must be 1. If not, change it to 1.

Aniket Amdekar's picture

Hi Swaminathan,

Excellent tip!!

Keep up the good job..

Best,
Aniket

shp's picture

 Ya.. Good one....

Regards,
Srinivas H.P.
HCL Infosystems Ltd

R_Kendall's picture

Thanks for the reply.  Unfortunately that value is already set to 1
Also set to 1 for Default Startup QuickScan Options, Default QuickScan Options, Default FullScan Options, and Manual Scan.

Any other ideas?  Any ideas how I can set troubleshooting debug options to report more status?  I don't see any issues in the log file.

Thanks in advance,
Rick.

Vikram Kumar-SAV to SEP's picture

Try logging in with a different user account and then try to launch a scan.
Check if there are permission issues in DCOM (dcomcnfg).

Celebrating 2 years as a community member....

R_Kendall's picture

Fails for the three enabled users on this machine: Default admin, user w/ admin priv, and user w/ power user priv.  Majority of work on this system is w/ user w/ admin priv.

Not sure what I'm looking at w/ DCOM.  dcomcnfg shows DCOM is enabled.  If I look at the symantec items, they all have zero objects.  Permissions look OK to me.  Additional specifics on what I should check would be helpful.  DCOM settings have not changed since SAV v10 scan progress dialog was working.

Thanks,
Rick.

Vikram Kumar-SAV to SEP's picture

Well, if it was working on SAV then it shouldn't be permission.
Can you run cleanwipe on this system then install SEP?

Celebrating 2 years as a community member....

R_Kendall's picture

Used cleanwipe on system and installed SEP.
I'm very confused that SEP retained the virus defs and other policy stuff, even though I said "yes" to all cleanwipe options.  Tried this twice and still retained the virus defs, and other policies, etc.
Had CM make me a new image for the system, one that had never seen SEP, but had SAV 10.
Used cleanwipe on system and installed SEP MR4.
Scan progress dialog doesn't show up before or after connecting to local live update server to retrieve all updates.
Same original symptoms:  SEP all happy & all status green.  Can't get any form of scan progress dialog to show up.

Thanks,
Rick.

p.s.  I think something we did to the system, to meet security requirements, may be biting me (e.g. the prior DCOM suggestion), but I don't know what it is, and it isn't easy to back these out en masse.  The settings have not changed since SAV 10 worked.  Any ideas what may be different (in context of show scan progress) between SAV 10 and SEP 11?

Vikram Kumar-SAV to SEP's picture

Troubleshooting Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection installations: Checking rights and permissions

 http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002103013521548

Celebrating 2 years as a community member....

R_Kendall's picture

Checked all the settings in the document ID 2002103013521548 referenced above.

Made a couple of changes in the "Checking DCOM settings" to add Administrators and Interactive to the Default Access permissions.

Restarted machine, but no change in behavior.

Thanks,
Rick.

Paul Mapacpac's picture

Hi Rick, do you have any GPO policies prohibiting unknown processes? You might need to double check on that.

R_Kendall's picture

Thanks for the suggestion.

This is a peer-to-peer (workgroup) network, not active directory, etc.  Don't have a group policy in effect.  Don't see anything in the local policies that would exclude unknown processes.  Have reverted to a vanilla, typical install for SEP 11, w/ no policies other than what gets installed by default.  Do you have any explicit local policy settings I should check?

Thanks,
Rick.

R_Kendall's picture

Thanks for the suggestion, but the service is starting and the scans are completing.  Not seeing the Event Viewer error from the article referenced above.  The event 14 is successful, not error.

Thanks,
Rick.

Vikram Kumar-SAV to SEP's picture

 Check Registry permission and in advanced check "replace permission entries on all child...."

check these
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec
HKEY_CURRENT_USER\Software\Symantec

SYSTEM and ComputerName\Administrators should have full control


Celebrating 2 years as a community member....

R_Kendall's picture

Thanks.  Performed these steps as part of meeting the requirements in the 2002103013521548 document referenced above.  Checked all registry permissions for those (and other sites).  Did not see any permissions issues.   Performed the "replace permission entries on all child..." step for all anyway.  Per above reply, rebooted, and no change.

Thanks,
Rick.

Vikram Kumar-SAV to SEP's picture

Hmm... can you run Regmon: start capture, then launch a scan, then stop capture.
Export the logs and post them here.

Celebrating 2 years as a community member....

R_Kendall's picture

Have captured a log file w/ ProcessMonitor (replacement for Regmon and Filemon), but can't figure out how to post the log file.  FYI, for a few seconds of data, it is almost 13 MB.

Rick.

Vikram Kumar-SAV to SEP's picture

 hmm...try uploading it to http://www.2shared.com/

Celebrating 2 years as a community member....

R_Kendall's picture

http://www.2shared.com/file/8022750/b0f6086b/LOGPML.html

File will download as LOG.PML.zip
unzip to LOG.PML and open w/ ProcessMonitor.

Thanks,
Rick.

Vikram Kumar-SAV to SEP's picture

Once a scan is created by SymCorpUI.exe
Svchost looks in HKEY_CURRENT_USER\Volatile Environment
and then Launches SavUI.exe ( process that shows the dialog for scanning)

In your log I see neither SymCorpUI.exe nor SavUI.exe
\Program Files\Symantec\Symantec Endpoint Protection\

Can you check permissions on these two files? Try to manually launch SavUI.exe and see if you get any error.

Celebrating 2 years as a community member....
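
The process chain described in the post above (scan engine, then svchost reading the Volatile Environment key, then SavUI.exe being launched) can be checked mechanically in a Process Monitor capture saved as CSV. This is an added example, not part of any post in the thread; the sample rows are constructed and the function name `triage` is hypothetical.

```python
import csv
import io

# Constructed samples in Process Monitor's CSV export column layout. Process
# names, svchost PID 1372 and its two timestamps come from the thread; all
# other PIDs, times, paths and results are made up for illustration.
HEADER = '"Time of Day","Process Name","PID","Operation","Path","Result","Detail"\n'
WORKING = HEADER + r'''"3:47:28.5000000 PM","Rtvscan.exe","1620","CreateFile","C:\Documents and Settings\user\Desktop\rktemp.csv","SUCCESS",""
"3:47:28.6666690 PM","svchost.exe","1372","RegOpenKey","HKCU\Volatile Environment","SUCCESS",""
"3:47:29.1052342 PM","svchost.exe","1372","Process Create","C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe","SUCCESS","PID: 2288"
"3:47:29.1100000 PM","SavUI.exe","2288","Process Start","","SUCCESS","Parent PID: 1372"
'''
FAILING = HEADER + r'''"2:10:05.0000000 PM","Rtvscan.exe","1620","CreateFile","C:\Documents and Settings\user\Desktop\rktemp.csv","SUCCESS",""
"2:10:05.3000000 PM","Rtvscan.exe","1620","CloseFile","C:\Documents and Settings\user\Desktop\rktemp.csv","SUCCESS",""
'''

EXPECTED = ("Rtvscan.exe", "svchost.exe", "SavUI.exe")


def triage(text, dialog="SavUI.exe"):
    """Report how far a capture gets along the scan -> svchost -> dialog chain."""
    rows = list(csv.DictReader(io.StringIO(text)))
    seen = {r["Process Name"].lower() for r in rows}
    # Lookups of the per-user Volatile Environment key, which precede the launch.
    env_reads = [(r["Time of Day"], r["Process Name"], r["Result"]) for r in rows
                 if r["Path"].lower().endswith("\\volatile environment")]
    # Process Create rows: "Process Name"/"PID" are the parent, "Path" the new image.
    creates = [(r["Time of Day"], r["Process Name"], int(r["PID"])) for r in rows
               if r["Operation"] == "Process Create"
               and r["Path"].lower().endswith("\\" + dialog.lower())]
    if creates:
        stage = "dialog process launched"
    elif env_reads:
        stage = "environment read, but dialog never launched"
    else:
        stage = "no hand-off to svchost recorded"
    return {"missing": [p for p in EXPECTED if p.lower() not in seen],
            "env_reads": env_reads, "creates": creates, "stage": stage}


if __name__ == "__main__":
    for name, capture in (("working", WORKING), ("failing", FAILING)):
        print(name, triage(capture))
```

Running it on a capture from a machine where the dialog works and on one where it does not shows at which step the two diverge, which narrows where to look for a blocked or missing hand-off.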

R_Kendall's picture

SymCorpUI.exe and SavUI.exe have the same security permissions, inherited from C:\Program Files.
Users have Read & Execute
Power Users have Modify
Admin & System have full control

Double click or running SavUI.exe in a command prompt, the program starts and immediately finishes, w/ no apparent error messages.

Thanks for looking through the logs.
Rick.

Update: 
From what I have read, I think the SymCorpUI is the client user interface.  When I double click SymCorpUI.exe, the interface shows up.  When I kill SymCorpUI.exe, the client interface goes away.  I don't find much on SavUI.exe

Update2:
Looking at home system w/ unmanaged client, SavUI.exe is the process for the scan progress dialog.  From Task Manager, when I switch to the process from the application tab scan progress dialog, it goes to the SavUI.exe process in the processes tab.

I collected a ProcessMonitor log from home system, where the scan progress dialog works, and SavUI.exe shows up, and uploaded it per above.  Link is:
http://www.2shared.com/file/8099435/3451532b/Log_2PML.html

Vikram Kumar-SAV to SEP's picture

I guess last time when you created a new scan and had created one then you  clicked on scan now.
Can you open the SEP GUI and click on Run Active Scan while collecting the logs.
Make sure you have the ProcessMonitor running before and after clicking on Run active scan.

Celebrating 2 years as a community member....

R_Kendall's picture

I believe in both log files (the one that doesn't show SavUI.exe, and the one that does), I did not have the client interface up (SymCorpUI.exe), but just right clicked a file on the desktop (rktemp.csv) and selected "Scan for viruses..." just after clearing the log being collected by ProcessMonitor.  Is this not sufficient? 

Knowing very little, to me it looks like rtvscan starts, and on the one that works, somehow communicates via svchost (PID 1372) (at 3:47:28.6666690 PM) which then starts SavUI.exe at 3:47:29.1052342 PM.  I see some vague references to COM3, but have no idea where to go from there.  The stack refers to RPC stuff (Remote Procedure Call?).

Won't get a chance to get back to this task until tomorrow afternoon.

Will also check the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment when I can.

Thanks,
Rick.

Vikram Kumar-SAV to SEP's picture

Also make sure everything is correct in this location; you can compare with any other system.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

Celebrating 2 years as a community member....