
Client has 52 thousand files but SEP scanned 34.5 million files? Where?

Created: 13 Nov 2012 | Updated: 15 Nov 2012 | 6 comments
USAMax's picture
This issue has been solved. See solution.

I have a client that has a weekly scan that lasts 28 hours. The client isn't that big, with only 52 thousand files on it, and I know that 295 files are CABs, 48 are ZIPs and one is a JAR, but 34.5 million is a lot of files to be in these compressed files. The largest one only has 6800 files in it.

 

On the SEPM under Protection Technology > Scan Details I have the Network Settings disabled for "Scan files on remote computers".

 

One suggestion I got was to turn on vpdebug, but it's more for troubleshooting issues, less on reporting - http://www.symantec.com/business/support/index?page=content&id=TECH103126 If I thought 28 hours for scanning was long this could double it.

 

Can anyone tell me where the other 34,448,000 files are?

6 Comments

Brian81's picture

Did any mapped drives get scanned?

You can run a tool such as windirstat to tell you where all files on your hard drive are located

Rafeeq's picture

My understanding is that it scans all the files including registry, registration entries, services, temp files, etc.

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

sandra.g's picture

My guess is it's counting the files within compressed files, too.

sandra

Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group

Don't forget to mark your thread as 'solved' with the answer that best helped you!
 

SOLUTION
Hurricane Andrew's picture

Compressed files are the culprit, and not just zip and rar files.

"Hurricane" Andrew

Felton, Delaware

USAMax's picture

I have gone through most of the compressed files and as I mentioned there is one that has over 6800 files in it. Most of the others have 1 to 45 files. What I did not look for were compressed files within compressed files as SEP will scan down three layers.

Do you really think there could be more than 600 times more compressed files than uncompressed?

Anything is possible but is there any way to tell other than writing a script as they do not want outside code running on this server?

USAMax's picture

I could not believe these numbers so I spent a lunch hour digging into this question. Once I made Hidden System files visible I ran the numbers again. On the client there are: 2 *.jar files, 4 *.zip files and 2967 *.cab files. Just looking through the top 25 files I found 105,969 files within these compressed files.

Basically I checked .8% of the compressed files and found .3% of the 34 million files.

I would have bet against this being true.

Some options are:

  • Disable the option to scan Compressed Files altogether
  • Reduce the number of levels to scan within compressed files (default is 3)
  • Exclude scanning certain compressed files that you believe are the issue, such as .cab and .zip
  • Search the hard drive for large compressed files (for example anything larger than 5Mb), and see where they are located. You can then determine how many files are inside, and whether the compressed file can safely be deleted.
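
The counting this thread converges on (archive members add to the scanned-file total, down to a nesting limit), shown as an added example that is not part of the original posts and is not Symantec code. It reads ZIP/JAR only, because Python's standard library cannot open CAB files; the function names, the size cap and the reading of "levels" as the number of archive layers opened are assumptions, and the sample archive is constructed.

```python
import io
import os
import zipfile

ARCHIVE_EXTS = (".zip", ".jar")      # .cab is not readable with the standard library
MAX_NESTED_BYTES = 64 * 1024 * 1024  # assumed cap: do not unpack larger nested archives


def count_members(source, max_depth=3, level=1):
    """Count files inside a ZIP/JAR (path or file object), opening nested archives up to max_depth layers."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return 0  # unreadable or not really a ZIP: contributes no members
    total = 0
    with zf:
        for info in [i for i in zf.infolist() if not i.is_dir()]:
            total += 1  # every member is one more file for a scanner to look at
            nested = info.filename.lower().endswith(ARCHIVE_EXTS)
            if nested and level < max_depth and info.file_size <= MAX_NESTED_BYTES:
                total += count_members(io.BytesIO(zf.read(info)), max_depth, level + 1)
    return total


def count_tree(root, max_depth=3):
    """Return (files on disk, files plus archive members) for a directory tree."""
    on_disk = expanded = 0
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            on_disk += 1
            expanded += 1
            if name.lower().endswith(ARCHIVE_EXTS):
                expanded += count_members(os.path.join(dirpath, name), max_depth)
    return on_disk, expanded


def make_zip(n_files, nested=None):
    """Build a constructed sample archive in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for i in range(n_files):
            zf.writestr(f"file{i}.txt", b"x")
        if nested is not None:
            zf.writestr("inner.zip", nested)
    return buf.getvalue()

# Constructed sample: four archive layers holding 4, 3, 2 and 5 plain files.
SAMPLE = make_zip(4, make_zip(3, make_zip(2, make_zip(5))))
```

Comparing `count_tree(path, max_depth=1)` with `count_tree(path, max_depth=3)` on a copy of the data shows how much of the total comes from nested archives before changing the scan-level setting.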

 

 
