Endpoint Protection

 View Only

  • 1.  Help with decryption AVMan.log

    Posted Jul 07, 2015 02:36 AM

     

    Hi, I am trying to make an automation process which would run an automatic scan on specific hosts in my organization. Those hosts are changing every day it is not a constant list. I am using psexec to login to those hosts and running the doscan.exe. my problem is that I can't understand  the avman.log file in the target host because it seems to be encrypted. Is there any way to decrypted it or maybe is there a log file in the console that I can read from automatically to check the status of the host. It takes me a long time to check status of many hosts on the SEP console therefore  I want to make it automatically

     

    We use SEP 12 in our organization

     

     

     

    Best regards

    Omri shamir



  • 2.  RE: Help with decryption AVMan.log

    Posted Jul 07, 2015 12:15 PM

    avman.log is not encrypted its just in comma delimited, which is hard to read at times. Drop into Excel and filter based on the commas, it will sort accordingly.



  • 3.  RE: Help with decryption AVMan.log

    Posted Jul 08, 2015 09:13 AM

    so where can i see the date of the scans 

     



  • 4.  RE: Help with decryption AVMan.log

    Posted Jul 08, 2015 09:20 AM

    There in there but the times need to be converted to readable format.



  • 5.  RE: Help with decryption AVMan.log

    Posted Jul 08, 2015 09:27 AM

    check the registry its easy

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\TimeOfLastScan

    Also check this Article: 

    How to decode the TimeOfLastVirus and TimeOfLastScan registry values

    http://www.symantec.com/docs/TECH99873

    Hope that helps!!