
How to determine what files are being scanned by Auto-Protect in real-time

Created: 24 Feb 2012 | 6 comments
.Brian's picture

Is it possible to determine exactly what files are being scanned by SEP in real-time?

I'm using process monitor with a filter set to show only activity from rtvscan.exe but I'm not getting much other than a bunch of registry activity.

There is an option in SEP under Antivirus and Antispyware Protection >> Options >> View File System Auto-Protect Statistics. This appears to be OK but I would prefer something I could save to a file and drop into Excel and go from there.

Running SEP RU6 MP3. Curious to see if anyone has done anything with this.

Any help would be appreciated.

6 Comments

.Brian's picture

Is there a particular string within vpdebug to look for?  I see a ton of info but nothing referring to the scanning of files.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Q.'s picture

You should see lines like this:

05:19:27.453691[_9548]|Processing directory ...
05:19:27.454757[_9548]|Processing file ...

Please remember to mark the proper comment as SOLUTION:
 - to identify threads that do not require further assistance
 - to let other visitors know how to fix such an issue
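
An added example, not part of the original thread or of Symantec's tooling: a Python sketch that pulls "Processing file" and "Processing directory" lines of the shape quoted above out of debug log text and writes CSV that opens in Excel. The sample paths are constructed, and treating the bracketed number as an `id` column is an assumption.

```python
import csv
import io
import re

# Line shape taken from the two sample lines quoted in the thread:
#   HH:MM:SS.ffffff[_<id>]|Processing file <path>
# Assumption: whatever follows "Processing file/directory" is the path.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)"
    r"\[_(?P<id>\d+)\]\|"
    r"Processing (?P<kind>file|directory)\s+(?P<path>.*\S)\s*$",
    re.IGNORECASE,  # tolerate "processing" in lower case
)

def parse_lines(lines):
    """Yield one dict per 'Processing file/directory' line; skip all others."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["kind"] = row["kind"].lower()
            yield row

def to_csv(rows):
    """Return CSV text with a header row; paths containing commas are quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["time", "id", "kind", "path"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed sample input: the paths are made up for illustration.
SAMPLE = """\
05:19:27.453691[_9548]|Processing directory C:\\Users\\demo\\Documents
05:19:27.454757[_9548]|Processing file C:\\Users\\demo\\Documents\\report, final.xlsx
05:19:27.455102[_9548]|Some unrelated debug message
05:19:28.001200[_1204]|processing file C:\\Temp\\setup.exe
"""

if __name__ == "__main__":
    # Replace SAMPLE.splitlines() with an open log file to process a real capture.
    print(to_csv(parse_lines(SAMPLE.splitlines())), end="")
```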

pete_4u2002's picture

Thumbs up to John Q.

You should be looking for an entry like

Processing file  

John Q.'s picture

As Pete already mentioned, the best for you would be to use VPdebug.

Keep in mind as well that ProcessMonitor requires some modifications to capture Auto-Protect events (see http://www.symantec.com/docs/TECH98079 for more details).


.Brian's picture

Been running for over an hour and there is nothing with "processing" in the string.
