The difference of Antivirus Engine Off, Auto-Protect Off and Auto-Protect Failures
Updated: 21 May 2010 | 13 comments
This issue has been solved. See solution.
Hello,
Does anybody know the gap between Antivirus Engine Off and Auto-Protect Off on Home/Status Summary?
And Auto-Protect Failures on Security Status Details though.
Thanks.
Comments
Difference : AV & Auto Protect
Antivirus and Antispyware Protection also includes Auto-Protect scanning for additional Internet email programs by monitoring all traffic that uses the POP3 or SMTP communications protocols. By default, Auto-Protect scans for viruses, Trojan horses, worms, and security risks when it runs.
Please refer to Chapter 25 of the Administration guide.pdf file, which is located on CD1 of SEP. This file will be under Symantec_Endpoint_Protection_11.0.5000.329_RU5_AllWin_EN_CD1\Documentation
Thanks & Regards Sandip C Sali
Thanks for your reply, Sandip.
My question was when/what the client does for Antivirus Engine Off and Auto-Protect Off to be counted on the Status Summary. For example, if a user ends the rtvscan.exe process manually, the Auto-Protect Off summary can count one as computers. How about Antivirus Engine Off? From where?
And what's the difference between Auto-Protect Off of Status Summary and Auto-Protect Failures on Security Status? That's what I want to know.
Thanks, guys.
Thanks and regards,
Hi
Auto-Protect Off when rtvscan is killed or disabled.
Antivirus Engine Off when the Symantec antivirus service is killed or disabled.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Thanks, Rafeeq.
It reminds me. Thank you, Rafeeq.
When or where are Auto-Protect Failures counted on the system?
Regards.
Thanks and regards,
Hi
Hi,
When autoprotect is disabled, the key value for OnOff under
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan is 0.
These events are captured and set under the
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Common\ForwardEvents\0 ( AP failure count)
key; these are then forwarded to the management server.
The logs are RAW MAn log,
passed on to the SEPM on port 9090.
This should help you out.
Symantec Endpoint Protection 11.x event log entries
http://service1.symantec.com/support/ent-security.nsf/docid/2008080711443448?Open&seg=ent
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Thank you, Rafeeq.
When I stop the service of Symantec Endpoint Protection, SEPM can identify it as Auto-Protect Off and add one more count on Computers. Through this exercise I can confirm Auto-Protect off is related to Rtvscan.exe process ended or the service stopped. My question is how about Antivirus Engine Off. Can I exercise for Antivirus Engine Off? Thanks.
Thanks and regards,
Hi
Here it is.
When you disable File System Auto-Protect, it's Autoprotect OFF.
When the Symantec Endpoint Protection service is stopped or disabled, it's antivirus engine off.
To confirm this, disable File System Auto-Protect by changing the value of the OnOff key to 0.
Wait for 5 mins so that the client sends the logs to the manager.
Log in to SEPM.
Click on Monitors - Logs - select Computer Status.
Click on the compliance option, check autoprotect off... create report.
The computer would have AV disabled.
Now disable the Symantec Endpoint Protection service from the services window. Wait for 5 to 10 mins.
This time, while creating the log, under the compliance option check antivirus engine off....
This would give you the results.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Thanks for your effort to explain.
Thanks for your effort to explain, Rafeeq.
But frankly speaking, I am sorry, I am still confused between them.
Thanks and regards,
Hi
Not a problem.:)
If you disable the Symantec Endpoint Protection service from services.msc => antivirus engine is off (that is disabling Rtvscan.exe)
If you disable File System Auto-Protect => autoprotect is OFF (that is real time scan is OFF). Still confusing :)
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
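Added example, not part of the original thread and not Symantec's own tooling: a PowerShell check run on a SEP 11 client that reads the OnOff value and looks for the Rtvscan process, then names the state the way the reply above maps them. The registry path and process name are the ones quoted in the thread; the function names and the "Auto-Protect On" and "Unknown" labels are assumptions made for this illustration.

```powershell
# Added example: classify a SEP 11 client using the mapping given in this thread.
# Function names and the On/Unknown labels are hypothetical, not Symantec's.
$RtsKey = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan'

function Resolve-SepState {
    param(
        [Nullable[int]]$OnOff,   # RealTimeScan\OnOff, $null when it could not be read
        [bool]$RtvscanRunning    # whether Rtvscan.exe is in the process list
    )
    # Thread mapping: Rtvscan stopped or disabled => "Antivirus Engine Off"
    if (-not $RtvscanRunning) { return 'Antivirus Engine Off' }
    # Thread mapping: OnOff = 0 => "Auto-Protect Off"
    if ($OnOff -eq 0) { return 'Auto-Protect Off' }
    # A missing value is reported rather than guessed at
    if ($null -eq $OnOff) { return 'Unknown (OnOff not readable)' }
    # Assumption: any non-zero OnOff means Auto-Protect is enabled
    return 'Auto-Protect On'
}

function Get-SepLocalState {
    $onOff = $null
    try {
        $onOff = (Get-ItemProperty -Path $RtsKey -Name OnOff -ErrorAction Stop).OnOff
    } catch {
        # Key or value absent: SEP not installed, or a different registry view
    }
    # Get-Process takes the process name without the .exe suffix
    $running = [bool](Get-Process -Name Rtvscan -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OnOff          = $onOff
        RtvscanRunning = $running
        State          = Resolve-SepState -OnOff $onOff -RtvscanRunning $running
    }
}

# Constructed inputs covering the cases discussed in the thread
Resolve-SepState -OnOff 1 -RtvscanRunning $true
Resolve-SepState -OnOff 0 -RtvscanRunning $true
Resolve-SepState -OnOff 1 -RtvscanRunning $false
Resolve-SepState -OnOff $null -RtvscanRunning $true

# Live check on the local client
Get-SepLocalState
```

Comparing this local result with the Computer Status log in SEPM after the 5 to 10 minute wait mentioned above shows whether the console count reflects a changed OnOff value or a stopped process.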
Thanks, Rafeeq
Let me repeat:
disable rtvscan.exe==>antivirus engine off
disable auto-protect===>auto-protect off
OK. It makes sense to me. How about auto-protect failures?
Thanks and regards,
Hi
Autoprotect can be loaded when the computer starts or when Symantec Endpoint Protection starts;
failing to load will cause auto protect failures...
which is the same as autoprotect disabled.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
OK, I see. Thank you.
Thank you very much, Rafeeq.
Thanks and regards,
In SEP: Off=Disabled=Failure
Hello Guys,
Finally I understood that in SEP, Off, Disabled and Failure have the same meaning.
For instance, Auto-Protect Off is equal to Auto-Protect Failure and Auto-Protect Disabled.
Thanks for your concern, everybody.
Thanks and regards,