Endpoint Protection

  • 1.  Scan suspended: what does it mean?

    Posted Jul 05, 2016 04:02 AM


    Hello

    I am getting warnings in the logs that the scan is suspended / resumed. How should I interpret it?

    It is during the weekly full scan. I think that when there isn't enough time, the scan is suspended and resumed after a week.

    But I read about some problem with "scan suspended" and I would like to know if I understand it right.

    Please explain to me how the full scan works. Is the suspended message normal? Does the scan start from where it stops?

    SEPM version is from March 2016

    Here are the logs:


    26/06/16 19:29:33 ITM_NT_Event_Log SERVER_NAME Warning  SERVER_NAME - Entry in log: Application saying:Scan Suspended: Risks: 0 Scanned: 594 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 428


    26/06/16 19:04:15 ITM_NT_Event_Log  SERVER_NAME Warning   SERVER_NAME - Entry in log: Application saying:Scan Suspended: Risks: 0 Scanned: 541 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 373

    26/06/16 14:47:19 ITM_NT_Event_Log  SERVER_NAME Warning SERVER_NAME - Entry in log: Application saying: Scan Suspended: Risks: 1 Scanned: 3079240 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 1358

    26/06/16 02:40:32 ITM_NT_Event_Log SERVER_NAME  Warning SERVER_NAME - Entry in log: Application saying: Scan resumed on all drives and all extensions.<EventData><Data>
    Scan resumed on all drives and all extensions.</Data></EventData> Unknown None 1 No SERVER_NAME 2 26/06/16 02:40:32 None
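
    One way to turn suspend/resume entries like the ones above into a timeline, so the time a scan actually ran can be compared with the configured scan duration. This is an added example, not part of the original post and not Symantec tooling; the function names and the DD/MM/YY reading of the dates are assumptions.

```python
import re
from datetime import datetime

# Log lines from the first post (whitespace normalised, XML tail of the resume entry trimmed).
SAMPLE = """\
26/06/16 19:29:33 ITM_NT_Event_Log SERVER_NAME Warning SERVER_NAME - Entry in log: Application saying:Scan Suspended: Risks: 0 Scanned: 594 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 428
26/06/16 19:04:15 ITM_NT_Event_Log SERVER_NAME Warning SERVER_NAME - Entry in log: Application saying:Scan Suspended: Risks: 0 Scanned: 541 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 373
26/06/16 14:47:19 ITM_NT_Event_Log SERVER_NAME Warning SERVER_NAME - Entry in log: Application saying: Scan Suspended: Risks: 1 Scanned: 3079240 Files/Folders/Drives Omitted: 0 Trusted Files Skipped: 1358
26/06/16 02:40:32 ITM_NT_Event_Log SERVER_NAME Warning SERVER_NAME - Entry in log: Application saying: Scan resumed on all drives and all extensions.
"""

LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+(?P<host>\S+)\s+.*?"
    r"Application saying:\s*Scan (?P<kind>suspended|resumed)(?P<rest>.*)$",
    re.IGNORECASE)
COUNTERS = re.compile(
    r"Risks: (\d+) Scanned: (\d+) Files/Folders/Drives Omitted: (\d+) "
    r"Trusted Files Skipped: (\d+)")
FIELDS = ("risks", "scanned", "omitted", "trusted_skipped")

def parse(text):
    """Return suspend/resume events, oldest first; other lines are ignored."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Assumption: dates are day/month/two-digit year, as "26/06/16" suggests.
        ev = {"time": datetime.strptime(m["ts"], "%d/%m/%y %H:%M:%S"),
              "host": m["host"], "kind": m["kind"].lower()}
        c = COUNTERS.search(m["rest"])
        if c:
            ev.update(zip(FIELDS, map(int, c.groups())))
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])

def timeline(events):
    """One row per suspend: time run since the last resume on that host, plus counters."""
    rows, resumed = [], {}
    for ev in events:
        if ev["kind"] == "resumed":
            resumed[ev["host"]] = ev["time"]
            continue
        start = resumed.pop(ev["host"], None)  # None: no resume seen in this excerpt
        rows.append({"host": ev["host"], "suspended_at": ev["time"],
                     "ran_since_resume": ev["time"] - start if start else None,
                     "scanned": ev.get("scanned"), "risks": ev.get("risks", 0)})
    return rows

if __name__ == "__main__":
    for row in timeline(parse(SAMPLE)):
        print(row)
```

    A suspend row with no matching resume only means the start of that scan is outside the pasted excerpt.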

     



  • 2.  RE: Scan suspended: what does it mean?

    Posted Jul 05, 2016 08:20 AM

    Do you have the setting configured for "Scan for up to x hours"? If so, it may be hitting this time and getting suspended if it goes over.



  • 3.  RE: Scan suspended: what does it mean?

    Broadcom Employee
    Posted Jul 05, 2016 11:48 AM

    Hi,

    You configure scheduled scans as part of a Virus and Spyware Protection policy. 

     

    Consider the following important points when you set up a scheduled scan for the Windows computers in your security network: 

     

    Multiple simultaneous scans run serially

    If you schedule multiple scans to occur on the same computer and the scans start at the same time, the scans run serially. After one scan finishes, another scan starts. For example, you might schedule three separate scans on your computer to occur at 1:00 P.M. Each scan scans a different drive. One scan scans drive C. Another scan scans drive D. Another scan scans drive E. In this example, a better solution is to create one scheduled scan that scans drives C, D, and E.

     

    Missed scheduled scans might not run

    If your computer misses a scheduled scan for some reason, by default Symantec Endpoint Protection tries to perform the scan until it starts or until a specific time interval expires. If Symantec Endpoint Protection cannot start the missed scan within the retry interval, it does not run the scan.

     

    Scheduled scan time might drift

    Symantec Endpoint Protection might not use the scheduled time if the last run of the scan occurred at a different time because of the scan duration or missed scheduled scan settings. For example, you might configure a weekly scan to run every Sunday at midnight and a retry interval of one day. If the computer misses the scan and starts up on Monday at 6 A.M., the scan runs at 6 A.M. The next scan is performed one week from Monday at 6 A.M. rather than the next Sunday at midnight.

    If you did not restart your computer until Tuesday at 6 A.M., which is two days late and exceeds the retry interval, Symantec Endpoint Protection does not retry the scan. It waits until the next Sunday at midnight to try to run the scan.

    In either case, if you randomize the scan start time you might change the last run time of the scan.

     



  • 4.  RE: Scan suspended: what does it mean?

    Posted Jul 06, 2016 05:32 AM

    Hello

    Yes, the scan is set for 17 h and it is randomized. So this suspended message, is it normal? I have moved one server to a new group and set the scan without randomization. It was scanning for 17 h and then suspended.

    Other servers in the previous group were scanned for about 3 h and then got suspended.

    A daily scan is also set during the weekly full scan. Could that generate problems?



  • 5.  RE: Scan suspended: what does it mean?

    Posted Jul 06, 2016 09:11 AM

    Yes, it is normal. Have you checked whether the server that you moved to a new group has picked up the policy and has the new scan template?

    The other servers in previous groups may have suspended the scan because of the randomization along with the 17 hour window.

    I presume by daily scan you mean a quick scan, if that's the case then you are good to go. 



  • 6.  RE: Scan suspended: what does it mean?

    Posted Jul 06, 2016 09:33 AM

    Yes, it is hitting the limit you set so it gets suspended. Looks to be normal behaviour.