Endpoint Protection

  • 1.  Scan Suspended or missed

    Posted Oct 19, 2012 04:42 AM

    We run a scheduled full scan on VMs with the "Randomize scan start time within this period" option enabled.

    Q1: Some VMs cannot complete a full scan in two scan sessions, with Scan Suspended status. We checked the Completed time; it is not suspended at the end of the scheduled window. Some VMs have received the scan job, but did not run it. Can you guide us on how to check the reason why a scan was suspended or missed? Is there any related log on the client or SEPM that we can use to analyse the problem?

    Q2: We want to check the percentage of the suspended scan job and the last scan file name, but cannot find them in the scan report in SEPM and the event on the client. Please show us how to find this information about the scan result. If the report cannot do this, can we find the related value in the database?



  • 2.  RE: Scan Suspended or missed

    Broadcom Employee
    Posted Oct 19, 2012 07:41 AM

    Hi,

    You can refer to Vpdebug.log to troubleshoot scan-related issues.

    • This log is useful for identifying problems with Rtvscan failing to start, AV engine failures, definition failures, and scanning issues.
    • Search for the keywords “Error” and “Failed” to identify problems.
    • The logs can be found at the mentioned path: for 11.0 "C:\Program Files\Symantec\Symantec Endpoint Protection" by default, and for 12.1 "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint

    How to enable "Vpdebug Logging" on Symantec Endpoint Protection 11.0, 12.1, and 12.1 RU1

    http://www.symantec.com/docs/TECH102939

    Randomizing scans to improve computer performance in virtualized environments

    http://www.symantec.com/docs/HOWTO55262



  • 3.  RE: Scan Suspended or missed

    Posted Oct 22, 2012 02:26 AM

    Hi Chetan

    How about Q2? I am waiting for an answer. Thank you.

    Q2: We want to check the percentage of the suspended scan job and the last scan file name, but cannot find them in the scan report in SEPM and the event on the client. Please show us how to find this information about the scan result. If the report cannot do this, can we find the related value in the database?

     



  • 4.  RE: Scan Suspended or missed

    Broadcom Employee
    Posted Oct 22, 2012 02:37 AM

    You can pull a report for the suspended scan; however, to identify the last file scanned, you need to enable VPdebug.



  • 5.  RE: Scan Suspended or missed

    Broadcom Employee
    Posted Oct 22, 2012 05:00 AM

    Hi,

    Q2: We want to check the percentage of the suspended scan job and the last scan file name, but cannot find them in the scan report in SEPM and the event on the client. Please show us how to find this information about the scan result. If the report cannot do this, can we find the related value in the database?

    --> We can't find the percentage of the suspended scan job report through SEPM. It's not possible to find the related value in the database either.

    To find out the last scanned file, you can refer to the vpdebug logs.

    You can create a new idea and put in a request for a product enhancement.

    https://www-secure.symantec.com/connect/security/ideas

    http://service1.symantec.com/DISCUSS/SUPPORT/feedback2.nsf/product+feedback