Endpoint Protection

 View Only

  • 1.  Scan starts after update completes daily

    Posted Jun 16, 2012 08:51 AM

    Hi All,

    We are using SEP 11 RU 7.
    We have not scheduled any scans.
    But only in one managed system, Scan is starting daily morning when the updates are downloaded.

    Please help us.

     

    Thanks & Regards

    Vamsi



  • 2.  RE: Scan starts after update completes daily

    Broadcom Employee
    Posted Jun 16, 2012 09:46 AM

    it looks like active scan is enabled, check this link to disable it

    http://www.symantec.com/business/support/index?page=content&id=TECH106098

     



  • 3.  RE: Scan starts after update completes daily

    Posted Jun 16, 2012 10:45 AM

    Hi Pete,

    Thanks for the reply.

    We have not enabled "Run startup scans when users log on & Run an Active scan when new definitions arrive" options.

    The problem system is a member of group which contains more than 500 systems.
    All other systems of the same group are working fine.
    The problem system is updating regularly without fail. But whenever updated it is starting the scan and it is consuming more CPU resource. So the user is unable to work properly.



  • 4.  RE: Scan starts after update completes daily

    Broadcom Employee
    Posted Jun 16, 2012 10:50 AM

    did you check is it full scan? and it is immediately after update?

    can you post the scan log?

    is the client reporting to the sepm? is it having the same policy as other clients?

     



  • 5.  RE: Scan starts after update completes daily

    Posted Jun 16, 2012 11:57 AM

    Yes it is full scan and it is immediately after update.

    Right now user is not available.
    He will come back on Monday. I can send you the scan log on the same date.

    Is it possible to check the scan settings on client side, in any file...?



  • 6.  RE: Scan starts after update completes daily

    Posted Jun 16, 2012 12:36 PM

    At client side, you can do the following:

    1. Scan log: View Logs > Virus and Spyware Protection/View Logs > Scan Log.
    2. Double-check if the client is really in the proper group: Help > Troubleshooting, then compare the policy serial number of the client with the serial number of the group (SEPM > Clients > [select group] > Details > Policy Serial Number)
    3. Have a look at the defined scans: Scan for Threats.
      If you right-click on a scan and you cannot edit or delete, it's a scan defined by SEPM.
    4. DoScan: Run "C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe /list", which shows the defined scans. Sometimes it shows more than the "Scan for Threats" view.

    HTH!



  • 7.  RE: Scan starts after update completes daily

    Broadcom Employee
    Posted Jun 16, 2012 01:04 PM

    Examine client registry for scheduled scan information
    To verify whether any scheduled scans exist in the registry for that client, navigate to 

     HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Local Scans\*



  • 8.  RE: Scan starts after update completes daily

    Posted Jun 17, 2012 08:31 AM

    check scan log