Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Files Trusted

Created: 14 Jul 2013 • Updated: 15 Jul 2013 | 20 comments

Using SEP 12.1.3001.165 (used 2015.2015 prior). When performing a scan in either version, particularly Active Scan, whether manually or by schedule, the 'Files Trusted' no longer shows a count, it is left blank. All my settings are identical as in the past and the SymHelp shows no error. Many thanks

Operating Systems:

Comments 20 CommentsJump to latest comment

.Brian's picture

So its only for active? Does a full scan showing anything?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

toasale1's picture

There are no numbers showing for any type scan. The scans seem to be running a bit longer than when the trusted files count was working. Thank you

.Brian's picture

I'm noticing the same thing on RU3 as well.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Does it show in Eventviewer ?

Number of trusted files shown in the client scan interface is different compared to the Windows event log
Fix ID: 
2407331
Symptom: The number of trusted files shown in the SEP UI after a scan is different than the number shown in the Windows event log. 
Solution: The number of trusted files is now calculated in a consistent way and matches in all locations.

Mithun Sanghavi's picture

Hello,

Is this issue occurying on all machines or only on 1 client?

@Rafeeq - That issue was resolved in SEP 12.1 RU1. 

When checking the Scan Logs of the SEP client on my machine, I see the trusted files. Check the screenshot - 

scanlog.JPG

Have you disabled the Insight Protection policy?

Virus and spyware scans include a feature that is called Insight that lets scans skip trusted files. You can choose the level of trust for the files that you want to skip, or you can disable the option. If you disable the option, you might increase scan time.

Auto-Protect can also skip the files that are accessed by trusted processes such as Windows Search.

1_4.JPG

I would suggest you to check this Article:

How Symantec Endpoint Protection protection features work together

http://www.symantec.com/docs/HOWTO55268

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

toasale1's picture

Only one client install. Did not think to use the Scan Log. However, there is still nothing shown in the referenced area of the GUI. All my settings compare to what one would normally desire as the 'Default' install and are concurrent with your reply. And then there is the feeling, though I've not put a meter to it, that subsequent scans, even of the exact same area, seem longer than I was used to. Beats me.

AjinBabu's picture

HI,

have you enabled the below ?

  • Do not scan files when trusted processes access the files

    Skips files that are accessed by Windows Search indexer and other safe processes.

       Regards

       Ajin

toasale1's picture

The 'Do not scan files.......' is ticked. I've got the Indexer trimed to only do my User Acct and Start Menu.. Think the Indexer could be the issue? Thanks. Thanks to all

roberta's picture

Good Day,

I have just checked the PC I have been using with SEP 12.1 RU3 aka 12.1.3001.165 installed...,

...& discovered that all the logs for all scans done from 11/July/2013 have NO trusted files in the logs.....

....And I have Not changed any settings.....

So what is going on?

Best Regards,

Roberta

Greetings from The Land Downunder

toasale1's picture

And I also have the same predicament as Roberta. Many thanks frown

SMLatCST's picture

Just to add to this.

I've been running SEP12.1RU3 on the SEPM and user endpoint since June, and have only just started seeing this since 12th July (see attached screenie which shows files are trsuted on scans run on 10th and 11th July, but nothing in subsequent scans).

This suggests to me, it might be an issue with the Insight repository itself rather than the client software.

scanlog.JPG
toasale1's picture

I need to present a small correction to my original post. There is a numeral showing in the Files trusted, it is a 0 (zero). In the Scan Log the number of files is always different, not to a large degree (+-30), but fluctuates up and down with every scan.

This should be fixed, because the underlying problem could be corrupted in the beginning prior to being set for download. Hopefully, it is just a file glitch in the installed program. Thank you Symantec. indecision

toasale1's picture

Re-formatted, loaded the version discussed and the issues are still occuring. I am no longer paying attention to this, because Symantec does not care to respond.

.Brian's picture

Did you open a support case?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

roberta's picture

Good Day,

I also believe Symantec should reply & post in this thread...

Thank You Very Much,

Roberta

Greetings from The Land Downunder

.Brian's picture

This community is full of mostly users of the product. Symantec employees do monitor and post, however, if you're looking for an official statement or troubleshooting, you're best off opening a support case.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

toasale1's picture

Wonders never cease. As of this Doc. ID: TECH207005 and the patch of 8-25 my unit is now operating properly -> Trusted Files are being noted and the scans are faster.

SMLatCST's picture

Can you elaborate on what was done please?

The article http://www.symantec.com/docs/TECH207005 only lists the inplace client upgrade packages, and should be the same as that exported from the SEPM (i.e. 12.1.3001.165).

Are you saying that endpoints using the client only upgrade package successfully report the number of trusted files, whereas endpoints upgraded by the SEPM and/or installed anew with 12.1RU3 do not?

toasale1's picture

As I'd done in the past, I reinstalled 12.1's 2100 version and went to the patches and upgrades page to download the patch to upgrade to 3001.165. It used to be approx a +30 mb file however, it is now a 256 mb patch with a recent date. Applied it, it updated me to the 165 and now scans run perfectly. I'm on an unmanaged client (no SEPM). Only thing I can deduct is Symantec put together this large patch and in doing so, proper code was utilized. Scroll down to download the patch

http://www.symantec.com/business/support/index?page=content&id=TECH206979

This is all I know to brief you on. Much success.

SameerU's picture

Hi

Whar is the client version ?

Regards