SEP 11 RU6 MP3: Random unscheduled scan?
Created: 19 Jan 2012 | 15 comments
Hi All,
We meet again. Happen that one of our user had his SEP run random full scan out of nowhere.... below is our current settings:
1) Scheduled full scan at Friday afternoon
2) Retry after 3 days...
Today is Thursday....means its already past the 3 days set...
Any way we can check what instructed SEP to run full scan?
regards
Discussion Filed Under:
Comments
Hi, Mentioned issue is
Hi,
Mentioned issue is resolved in RU7, Check RU7 release notes,
http://www.symantec.com/business/support/index?pag...
Unexpected scheduled scans after client migration
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
Hi Chentan, Thanks for the
Hi Chentan,
Thanks for the info.
What if the user directly install RU6 MP3? and then the problem happen?
Is there any Registry/logs that we can check why SEP been triggered to run full scan?
Hi, I believe for fresh
Hi,
I believe for fresh install there should not be any issue.
You can test with 2-3 clients.
In your environemnt it's happening after upgrade or it's a fresh install ?
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
Hi Chetan, What i mean is,
Hi Chetan,
What i mean is, user directly install to ru6 mp3... not upgrading..
From the change log issue seems to occured when user migrated?
Hi cus000,Is there any
Hi cus000,
Yes, as per change log it was seen after migration.
Is there any update on same ?
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
To check if there was a full
To check if there was a full scan trigged . You could check the scan logs .
SEP client > view logs > Scan logs
Don't forget to mark your thread as 'solved' or vote with the answer that best helped you!
What will happen when a scan
What will happen when a scan is delayed?
Will it retry past the retry limits set in SEPM? (lets say we set retry after 3 days)
Hi cus000, It would retry as
Hi cus000,
It would retry as per retry schedule.
Thanks and Regards,
Chetan Savade
Technical Support Analyst,
End Point Security, Enterprise Technical Support
Try the foll
Try the foll utility.
http://www.symantec.com/business/support/index?page=content&id=TECH105319
For manual schedule scan registry info.....
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans
Under Local Scans look for an alpha number folder - expand and click on schedule value
Schedule value - will show
1. scan name
2. mins of day
3. max pause
4. missed event enabled
5. day of week
Alpha numeric folder - will show
1. Description - Scan type
2. First and Second Action
3. Zip file scan status
4. Zip file scan depth
5. Scan load points
6. Scan all drive value - 0 or 1
Ok lets me show you all
Ok lets me show you all something...
Please refer to attachment below, any explanation why there's 1 scan pending and 1 scan in progress on the same date?
This is after I've run the SymRmvscan tool....
the scan in progress, is it a
the scan in progress, is it a scheduled scan?
No, we schedule it at 12.30pm
No, we schedule it at 12.30pm to be exact... looks like a delayed scan
Go to the below location and
Go to the below location and see if the scheduled time there is matching the one you have.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\LocalScans\01493630-79f7-4c70-002b-16b8952f5245
The blocked moniker may change
Hi NRaj, What do you mean by
Hi NRaj,
What do you mean by "the blocked moniker may change"
Is it the SEP registry key for scheduled scan?
Hi All, I have to bump this
Hi All,
I have to bump this topic.
1) Will Windows UAC somehow block SEP scheduled scan?
2) If user is logged out from Windows, will communication between the SEP client and SEPM affected?
Would you like to reply?
Login or Register to post your comment.