Large Windows file server scans...
Created: 03 Dec 2012 | 10 comments
We have a requirement to run scheduled scans on all of our servers monthly. Unfortunately, one of our servers is a data server that contains all of our shares for all of our AD groups and users. It has TBs of data and we have attempted scheduled scans, but they have run for 7+ days without ever completing. All the log tells us is "Scanning...", so we never know how far along the scan is or if it is running at all. We need to have some sort of reporting of the scan completion to prove that we are doing the scans as required. Is there a way to scan this extremely large data server and report on the progress/completion?
Windows 2008 R2 Server /SEP 12.1.1101.401 (RU1 MP1)
So the scan never completes or how long does it actually run? Or it sounds like it just never completes?
SEP Knowledge Base
Endpoint SWAT
We can never tell if the scan is still running, stalled/hung, etc. Our last scan ran from 11/21 until last night. We had to restart the server due to some vulnerability patches that needed to be applied. We checked the SEP log and it still shows it as "Scanning...", but no other info is available (# files scanned, etc.). We can't find any other means of telling us what is going on with the scan, whether it's supposedly still running or not.
Are you seeing CPU utilisation by ccSvcHst.exe process in task manager when the scan appears to be running?
SEP Knowledge Base
Endpoint SWAT
We started running another scan on the server this morning. I can see one of the ccSvcHst.exe processes (there are 3 of them) and the one running under SYSTEM is using the CPU and Memory. I can't speak for the scan we had running previously.
You can adjust the scan duration so it stops after x amount of hours if that is an option for you:
SEP Knowledge Base
Endpoint SWAT
It must be a FULL scan...we've already tried to do it on non-business hours, etc. It never completes. I know it's a lot of data to scan, but it's a requirement...at least ONCE. We've never been able to accomplish a completely successful FULL scan.
How many TBs of data are we talking about? 10s? 100s?
If a server takes more than 7 days to run, basically, it will never stop. So therefore, you won't really have a log of what's going on.
You can log all files/directories scanned by SEP, see here:
https://www.symantec.com/business/support/index?pa...
Should also apply to 12.1 as well. But I imagine this file can get pretty big scanning TBs of data.
SEP Knowledge Base
Endpoint SWAT
If you check the logs, does it stick to the status "Scanning"?
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
The log says "Scanning" but doesn't update the files scanned, etc.
Follow the step proposed by Brian; logging the directories will let you know if it's scanning or not.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq