Endpoint Protection

 View Only
  • 1.  How to monitor RTVSCAN.exe

    Posted Aug 31, 2011 01:33 PM

    I have a user that is experiencing a very slow system scan. Within the SEPM I believe I have done everything to improve performance as much as I possibly can. I want her to not to notice this scan is running on her machine. She is running Xp and 11.MP3 with only Antivirus and Antispyware enabled. The CPU usuage is high but she mentions often that this is affecting her performance on her machine and I need to know how to effectively monitor this process to target what is going on for her.

     



  • 2.  RE: How to monitor RTVSCAN.exe

    Posted Aug 31, 2011 01:57 PM

    upgarde to 11.0.6 and check the version.



  • 3.  RE: How to monitor RTVSCAN.exe

    Trusted Advisor
    Posted Aug 31, 2011 01:58 PM

    Hello,

    Make sure you are carrying the Latest version of SEP 11.0.6300.

    Are there any Network mapped drives on the machine??

    Exclude the mapped network drives from scheduled scans on SEP clients.

    Instead, perform scheduled scans on these drives from the server to which they are attached.

    http://www.symantec.com/docs/TECH97017



  • 4.  RE: How to monitor RTVSCAN.exe

    Posted Sep 06, 2011 05:06 PM

    We are on 11.06 MP3 Rafeeq



  • 5.  RE: How to monitor RTVSCAN.exe

    Posted Sep 06, 2011 05:08 PM

    We are using the latest version of 11MP3. The machine does have network mapped drives. They are not being scanned already with SEP clients. We only use antivirus and antispyware part of Endpoint protection. We already do your suggestion but thank you.

     

    I need to know how to monitor this process what settings to set in perfmon.



  • 6.  RE: How to monitor RTVSCAN.exe

    Posted Sep 06, 2011 05:42 PM

    Technically speaking, RU6 MP3 is not the latest version. RU7 (11.0.7000.975) or SEP 12.1 would be the latest.

    I want her to not to notice this scan is running on her machine.

    You can try using the 'scan tuning options' document noted below, but even with 'best application performance' chosen, there is bound to be some kind of performance hit when a scheduled scan is running during those times she's working. In all honesty your best bet is to run the scan after hours (provided she is not habitually turning the machine off at night) and/or disable scanning of compressed files (scanning compressed files makes the scan take longer, it's processor intensive, and the contents of the compressed files would be scanned by Auto-Protect when uncompressed).

    Symantec Endpoint Protection scan tuning options
    http://www.symantec.com/docs/TECH105706

    This may also be of use:

    Symantec Endpoint Protection Client configuration changes for performance optimization
    http://www.symantec.com/docs/TECH102711

    I need to know how to monitor this process what settings to set in perfmon.

    I don't really have advice on Performance Monitor settings, but if you're looking to throttle the process, use the scan tuning options.

    sandra



  • 7.  RE: How to monitor RTVSCAN.exe

    Posted Sep 06, 2011 07:52 PM

    Tuning the configuraiotn will help, If this only happened on few machines, I would recommend to run some tools to check what rtvscan attempted to scan, filemon, regmon and others are pretty good tools to start with.  



  • 8.  RE: How to monitor RTVSCAN.exe
    Best Answer

    Posted Oct 10, 2011 05:04 PM

    I have tried to adjust the configuration settings within the SEPM and this had no affect whatsoever on her machine per the user. I finally opened a case with support and after nearly a month received a response:

     

     

    1.How to Configure Sysinternals' Process Monitor to Record Symantec's Auto-Protect Events

    http://www.symantec.com/business/support/index?page=content&id=TECH98079

    References
    Sysinternals / Microsoft page on Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

    Sysinternals / Microsoft page on Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

    Also check if this Information is Useful for you.

    VPdebug will tell you about RTVScan's activities, including what files are being scanned.

    2.How to enable "Vpdebug logging" on Symantec Endpoint Protection 11.0

    http://service1.symantec.com/SUPPORT/ent-security....