Endpoint Protection

  • 1.  How to stop a scan

    Posted Jan 02, 2011 04:32 PM

    I have a daily complete scan scheduled for 2AM.  The last few days I have noticed that the following morning SEPM status shows that it is still scanning.  Closing SEPM, rebooting, starting and cancelling a scan all fail to stop the problem.  Uninstalling and then reinstalling SEPM worked until the first time it started scanning.

    This is coincident with my system freezing up at least once a day and sometimes more often.



  • 2.  RE: How to stop a scan

    Posted Jan 02, 2011 05:02 PM

    Hello,

    You can stop clients scanning in SEP Manager: Monitoring tab > Logs > find your client and cancel all clients.

    And there is an option in Antivirus scan. Go to your scan policy and edit your weekly scan.

    You will see "Missed Scheduled Scans" under the "Schedule" tab. It means that if your weekly scan is set for Monday and you install the client on Wednesday, the client starts to scan immediately, because the SEP client looks there and tries to apply missed scans. Therefore your scans start when you install a new package.

    You can change this option there.

    Best Regards.

    Fatih



  • 3.  RE: How to stop a scan

    Posted Jan 02, 2011 07:36 PM

    What time in the morning did you check up on the SEP client?

    Like what Fatih said, you may want to modify the scan behavior from the server.

    I'd like to expand on this: go to Policies > AV/AS > Select the policy and rt-click edit...

    Go to Administrator-defined scans > select the schedule, click on edit >

    Schedule tab. I suggest you untick the 'Missed Scheduled Scans' if your client frequently misses scans.

    Also, I suggest you change the scheduling of the full scan from daily to 1/week. You may want to create an Active Scan instead, which is a lot faster and takes fewer resources. Or, create a custom scan to scan specific directories most likely to host malware during office hours.



  • 4.  RE: How to stop a scan

    Posted Jan 03, 2011 04:55 AM

    As far as I understood, the problem is that a client has already finished the scan but the SEPM is reporting this client as still scanning, right? I have a few questions:

    1. Do you have this problem with one or all clients?

    2. Are other logs from the client correctly processed by the console? For example, do you see current definitions on the client from SEPM?

    It seems to be a reporting problem but it is to be determined if it is on SEPM's side or on the client's one.



  • 5.  RE: How to stop a scan

    Posted Feb 09, 2011 04:38 AM

    Hi,

    The "client scanning is still running" problem is with only one client, and in the SEPM console the client is showing in disabled mode.

    For that reason the latest definitions are not updated...

    What is the solution?



  • 6.  RE: How to stop a scan

    Posted Feb 09, 2011 05:23 AM

    We first need to stop that scan.

    Go to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans, and under LocalScans you would see keys that have both numbers and letters. Delete this key.

    That will stop the scan.

    Now you can replace the sylink.xml, and then see if the client gets updated or not.
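
The registry step from post 6, as an added PowerShell example that is not part of the original thread: it exports the LocalScans key to a .reg file before removing its subkeys, so the change can be reverted with `reg import`. The function name and the backup folder are assumptions; the key path is the one given in the post, and the script must run from an elevated prompt.

```powershell
# Added example: back up, then remove, the scan subkeys under LocalScans.
# Function name and default backup folder are assumptions for illustration.
function Remove-SepLocalScanKeys {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$BackupDir = $env:TEMP
    )

    # Key path as given in the thread.
    $regPath = 'SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans'
    $psPath  = "HKLM:\$regPath"

    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Warning "Key not found: $psPath"
        return
    }

    $subKeys = @(Get-ChildItem -LiteralPath $psPath)
    if ($subKeys.Count -eq 0) {
        Write-Output 'No scan subkeys present; nothing to delete.'
        return
    }

    # Export the whole LocalScans key first so it can be restored later.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "LocalScans-$stamp.reg"
    & reg.exe export "HKLM\$regPath" $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Backup failed (reg.exe exit code $LASTEXITCODE); nothing was deleted."
    }
    Write-Output "Backup written to $backup"

    # Delete each scan subkey; -WhatIf / -Confirm are honoured per key.
    foreach ($key in $subKeys) {
        if ($PSCmdlet.ShouldProcess($key.Name, 'Delete scan subkey')) {
            Remove-Item -LiteralPath $key.PSPath -Recurse -Force
        }
    }
}

# Preview only: lists what would be deleted. Drop -WhatIf to perform the deletion.
Remove-SepLocalScanKeys -WhatIf
```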