Video Screencast Help

How long should SEP 11 Full Scan take

Created: 13 Jan 2011 | 15 comments

Hello,

 

I began a SEP 11 full scan on a machine 9am this morning. Now it is 2pm in the afternoon and it is still going on.

The disk drive where the scan is being done is 379 GB with 21.5 GB free.

I have never encountered such an occurance before. Is this normal, or is there an underlying issue?

Comments 15 CommentsJump to latest comment

P_K_'s picture

Depends on the size of the HDD and amount of data it has

 

It is NORMAL.On my 120 GB HDD. with 100 GB of data it takes about 3.5 to 4hrs

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Vikram Kumar-SAV to SEP's picture

Is it showing the scan progress window ?

It might be stuck at some file..

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

sandra.g's picture

If you have a lot of compressed files (ZIP, etc), and you have compressed file scanning set to go several layers deep, then the scanner has a lot more work to do.

sandra

Symantec, Information Developer
Installation, Migration, Deployment and Patching
User Protection & Productivity, Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best help

RSASKA's picture

Yes, I see the scan stuck on compressed files, then it continues.

Full scans in our environment usually take 30 minutes. This one was taking forever and I just stopped it because I thought the SEP installation may be damaged.

Will look into this further

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.

 

Vikram Kumar-SAV to SEP's picture

It will take some time for scanning zipped/compressed files as it uses different different Decompressor engine the extract them and scan them..So if you've lot of compressed files it will take a long time.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

mon_raralio's picture

You may want to skip on the compressed files or scan only up to level 1.

If there is a malware buried deep inside a compressed file in multiple levels, I figured it needs a script or executable in the root or at least level 1 of a compressed file to function. And when it runs, realtime scanning should get it.

“Your most unhappy customers are your greatest source of learning.”

Samuel_L's picture

You can also check the Application logs in EventViewer if any errors related to Decomposer Engines are logged. A constant entry being created in the EventViewer may slow down the scan as well.

"Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines" during a scan:

http://www.symantec.com/business/support/index?pag...

Sebastian Zink's picture

Hi,

 

i have the same Problem in our Company, since i upgraded to SEP 11. The Full Scan takes much more time then the Full Scan of SAV10 did.

Can someone explain why?

 

Greets

Zink

thatdude's picture

What is the performance setting on for scans on your SAV10 and SEP policies? We noticed the same issue and discovered that SEP scan performance was set differently and was using the 3rd option. This option monitors I/O and scans when I/O load is low. This results in longer scans compared to SAV10 but less impact to system performance compared to SAV10. You can move the slider in SEP to one of the first two options and compare to SAV10 since ruses options are the same between products.

I expect the next version of SEP's scan time and performance impact to dramatically improve over any other previously released Symantec AV product.

GeoGeo's picture

Also if you are on RU6 MP2 if you stop the scan or turn off the machine SEP will pick up the scan next time from where it stopped the last time so you don't need to sit and do all the scan in one sitting.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

Sebastian Zink's picture

Thank, i know, but we'll need to scan our company pcs (round about 300) in every Friday noon break. The breaks goes about 45mins, that was enough time for SAV10 but not for SEP11, to scan.

Both "Full Scan" and max Performance...

Next Idea?

 

Greets Zink

Thomas K's picture

Sebastian, take a look at this KB that explains the the cause of slow scanning with SEP.

Scheduled/Manual scan is very slow after upgrading to SEP -

http://www.symantec.com/business/support/index?pag...

 

best,

Thomas

vikram3500's picture

Full scan takes as low as 45 min to 4-5 hrs depending on data on HDD> For a 100GB HDD, it takes an average of about 2 hours. It takes longer if you have source files, code, zipped files etc...

Fatih Teke's picture

Hello,

by the way i want to add something :)

It is diffrent to have more files in your hard drive or big file folders,

For example in test folder there are 1000 exe files and it only 200 Mb, and another folder test 2 have only one exe and 200 mb. scanning time will be diffrent and will take more time in test folder.

Best Regards.

Fatih

 Everything works better when everything works together.

Sebastian Zink's picture

Thanks for the Comments :)

I will try the KB entry next, seem that it could be the problem ;)

I know that 100GB small files takes longer then one big file, but the problem is a little different:

Same Hardware (Lenovo W500) -> Fresh Image (7,5GB) -> Scan takes about 2h15mins

With Antivirus 10 it takes about 30mins for the Complete Scan!

 

 

I will check the Logging and the rtvscan.exe and try an umangaged client!

 

Greets

Sebastian