Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Scan Suspended or missed

Created: 19 Oct 2012 | 4 comments

We run scheduled full scan on VMs with Randomize scan start time within this period  option enabled,

Q1:Some VMs cannot complete full scan in two scan sessions with Scan Suspended status.Checked the Completed time, it is not suspended at the end of scheduled window.Some VM has received the scan job, but did not run. Can you guide us how to check the reason why scan suspended or missed? Is there any related log on client or SEPM can use to anlayse the problem?

Q2:We want to check the percentage of the suspended scan job and the last scan file name, but cannot find them in scan report in SEPM and the event on client. Please show us how to find these information of scan result . If report cannot do these, can find the related value in Database?

Comments 4 CommentsJump to latest comment

Chetan Savade's picture

Hi,

You can refer Vpdebug.log to troubleshoot scan related issue.

  • This log is useful for identifying problems with Rtvscan failing to start, AV engine failures, definition failures, and scanning issues.
  • Search for the keywords “Error” and “Failed” to identify problems.
  • The logs can be found at the mentioned path  For 11.0 "C:\Program Files\Symantec\Symantec Endpoint Protection" by default and for 12.1 "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint

How to enable "Vpdebug Logging" on Symantec Endpoint Protection 11.0, 12.1, and 12.1 RU1

http://www.symantec.com/docs/TECH102939

Randomizing scans to improve computer performance in virtualized environments

http://www.symantec.com/docs/HOWTO55262

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SymQNA's picture

Hi Chetan

How about Q2?  I am waiting for answer. Thank you.

Q2:We want to check the percentage of the suspended scan job and the last scan file name, but cannot find them in scan report in SEPM and the event on client. Please show us how to find these information of scan result . If report cannot do these, can find the related value in Database?

 

pete_4u2002's picture

you can pull report for the scan suspended, however to identify the last file scanned, you need to enable VPdebug

Chetan Savade's picture

Hi,

Q2:We want to check the percentage of the suspended scan job and the last scan file name, but cannot find them in scan report in SEPM and the event on client. Please show us how to find these information of scan result . If report cannot do these, can find the related value in Database?

--> We can't find the percentage of the suspended scan job report through SEPM. It's not possible to find related value in the database as well.

To know last scan file you can refer vpdebug logs.

You can create a new idea & put a request for product enhancement.

https://www-secure.symantec.com/connect/security/i...

http://service1.symantec.com/DISCUSS/SUPPORT/feedb...

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<