Endpoint Protection


Scan omissions

  • 1.  Scan omissions

    Posted Mar 20, 2010 02:17 PM
    Can someone explain to me why there are scan omissions during scheduled FULL scans? I understand there is an issue with busy and/or compressed files. For example, on a client one scheduled scan reported 2,848,810 files and the other 1,085,105 files; a difference of 1.7 million files!?

    Thanks!


  • 2.  RE: Scan omissions

    Posted Mar 21, 2010 02:17 AM
    Hi Rick,

    Can I ask what product you're running, SAV or SEP? Also, I am a little confused about your question because you should never be seeing 1.7 million files as "files omitted". So my question is: does it actually say that 1.7 million files were skipped, or are more files simply being scanned on some systems but not others? If the second is true, it might just be that the machine has that many more files in it. This could account for the difference in the number of files scanned. It might also be helpful to know which report you are seeing this information in.

    Thanks Rick,
    Grant


  • 3.  RE: Scan omissions

    Broadcom Employee
    Posted Mar 21, 2010 10:45 AM
    There could be a decompression error while extracting. Maybe vpdebug will inform why the number of files scanned is less.

    Is there any exclusion in the last scan and the present scan?


  • 4.  RE: Scan omissions

    Posted Mar 21, 2010 10:49 AM

    Thanks for the reply Grant-

    SEP MR5...Here is a copy of scheduled scans for the last 3 weeks. I guess it doesn't state omissions per se but what else could it be? I haven't drastically removed files from my PC; snapshot from log file below.

    Started On       Completed        Computer    Status  Total Files  Infected  Logged By
    3/2/2010 8:00    3/2/2010 12:36   mycomputer  Clean   2848810      0         Scheduled scan
    3/9/2010 6:15    3/9/2010 7:16    mycomputer  Clean   178263       0         Scheduled scan
    3/16/2010 8:31   3/16/2010 9:25   mycomputer  Clean   1085105      0         Scheduled scan
     


  • 5.  RE: Scan omissions

    Posted Mar 21, 2010 10:57 AM
    For debugging skipped files in SEP 11, what flags should I set? Thanks!


  • 6.  RE: Scan omissions

    Posted Mar 21, 2010 02:43 PM
    All skipped files will show up in the Event Viewer App logs, with a "Could not scan" warning.


  • 7.  RE: Scan omissions

    Posted Mar 21, 2010 05:35 PM
    Thanks for posting this, very clear now. At first I thought you were talking about the difference between multiple computers. Please check out Vikram's post below and let us know if there were any missed file warnings in the event viewer.

    Thanks!
    Grant


  • 8.  RE: Scan omissions

    Posted Mar 21, 2010 07:59 PM
    Thanks! This explains a lot. From a fast pass of log files it looks like all decomposer engine issues. I've looked for SEP info regarding this but find Enterprise related info.

    Thanks for all your time!


  • 9.  RE: Scan omissions
    Best Answer

    Posted Mar 21, 2010 08:27 PM
    Here are some of the more common reasons you see these errors

    • The archive is encrypted and password protected
    • The archive is compressed in a format unknown to the Decomposer engine
    • The archive has additional compression layers that exceed the threshold set for the scan
    • The hard drive used by Decomposer does not have adequate space to properly expand and scan the contents of the archive

    If any of these seem like they could be the issue please let us know. My guess is that the only one that makes sense is the last one simply because of the massive amounts of files you are seeing skipped. However it could also be due to the files being in use (unlikely due to amount of files) OR your virus definitions being corrupt (possible).

    How to clear out corrupted definitions for a Symantec Endpoint Protection Client manually.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/691fb01f62f2a700882573c2006d6de7?OpenDocument

    Hope this helps
    Grant


  • 10.  RE: Scan omissions

    Posted Mar 21, 2010 10:50 PM
    Thanks Grant-

    I have 106 gig free on my drive and looking at event logs there are a few thousand files getting skipped by decompose engine. Deducing, it must be corrupted defs. Argh! This is nearly a fresh install; only 2 months old. I wonder how often defs get hosed? I wonder if I need to be looking at an alternative solution to SEP.


  • 11.  RE: Scan omissions

    Posted Mar 21, 2010 11:23 PM
    I can't say for sure how often the defs get corrupted. We see it maybe once a week or so in the forums but again this is a help forum that users only frequent when they are experiencing an issue so that is not a very good estimate. Personally on my two computers that run SEP it has never happened (almost 2 years). The process is fairly quick to get it cleared up, it should take less than five minutes or so. 

    I posted the guide above. Please come back and let us know how it turned out.

    Thanks
    Grant


  • 12.  RE: Scan omissions

    Posted Mar 22, 2010 02:37 AM
    Reason for files getting omitted

    "Could not scan [#] files inside [path][filename] due to extraction errors encountered by the Decomposer Engines" during a scan

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002073015235648
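
    Added example, not part of any post in this thread: a small Python parser that tallies the Decomposer skip warnings quoted above, so the number of files skipped inside archives can be set against the gap between two scan totals. It assumes the Application event log has been exported to text with one event per line and that `[#]` is a decimal integer; the sample lines, paths and counts are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Message template quoted in the post above; [#] is assumed to be a decimal
# integer and [path][filename] a single Windows path.
SKIP_RE = re.compile(
    r"Could not scan (\d+) files inside (.+?) due to extraction errors "
    r"encountered by the Decomposer Engines"
)

# Constructed sample: lines as they might appear in a text export of the
# Application event log (timestamps, paths and counts are made up).
SAMPLE_EXPORT = """\
3/16/2010 8:41 Warning Could not scan 12 files inside C:\\Users\\rick\\Downloads\\tools.zip due to extraction errors encountered by the Decomposer Engines.
3/16/2010 8:52 Information Scan started on selected drives and folders.
3/16/2010 8:57 Warning Could not scan 3 files inside C:\\Program Files\\App\\data.cab due to extraction errors encountered by the Decomposer Engines.
3/16/2010 9:02 Warning Could not scan 1 files inside C:\\Users\\rick\\Downloads\\tools.zip due to extraction errors encountered by the Decomposer Engines.
3/16/2010 9:10 Warning Could not scan 240 files inside D:\\Backups\\old mail.ZIP due to extraction errors encountered by the Decomposer Engines.
"""

def summarize_skips(export_text):
    """Return (total skipped, per-archive Counter, per-extension Counter)."""
    per_archive, per_ext = Counter(), Counter()
    for line in export_text.splitlines():
        m = SKIP_RE.search(line)
        if not m:
            continue  # not a Decomposer skip warning
        count, archive = int(m.group(1)), m.group(2).strip()
        per_archive[archive.lower()] += count  # Windows paths are case-insensitive
        per_ext[PureWindowsPath(archive).suffix.lower() or "(none)"] += count
    return sum(per_archive.values()), per_archive, per_ext

if __name__ == "__main__":
    total, per_archive, per_ext = summarize_skips(SAMPLE_EXPORT)
    print(f"files skipped inside archives: {total}")
    for archive, n in per_archive.most_common(3):
        print(f"  {n:>6}  {archive}")
    print("by container type:", dict(per_ext))
```

    Running it over the warnings from each scan window shows which archives account for the skipped files and whether the skipped total is anywhere near the difference in "Total Files" between runs.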


  • 13.  RE: Scan omissions

    Posted Apr 23, 2010 05:55 PM
    I also noticed manual scan and scheduled scan have different numbers of scanned files on my machine.

    Is anybody else experiencing the same problem?


  • 14.  RE: Scan omissions

    Posted Apr 24, 2010 07:26 PM
    Hi MXU,

    It would be great if you could open a new thread on your issue. This one is already solved and will be ignored by most users in our forums. If you feel this thread is related then simply provide a link back to it. In your new post you should mention if you already tried the advice given in this thread.

    thanks
    Grant