Endpoint Protection

Wasn't sure from either a troubleshooting method (turning on some logging option to see stats on files being scanned), or something similar to McAfee had (or may still have) about last file scanned.

Trying to help verify some items and that additional bit of insight on a workstation would be handy.

Sorry if this has been discussed, but my search results seemed to cover more GUP monitoring, etc.

Thanks.

You can do that for full scan or manual scan, but not for auto protect to see the real time you need to open the SEP interface and see it as it does not log

How to enable "Vpdebug Logging" on Symantec Endpoint Protection 11.0, 12.1, and 12.1 RU1

http://www.symantec.com/business/support/index?page=content&id=TECH102939

You need to enable vpdebugging to see what is being scanned

OK, I've enabled the VPDebugging per the instructions that Rafeeq referred to in TECH102939.

I see in the debug logs some information about the signature update, etc.

But I don't see any information about which files were scanned.

I finally found the last file scanned option in the client:

 - Virus and Spyware Protection - Options - View File System AutoProtect Statistics.

Just would be nice to see more log if possible in case of 10 files being scanned at once, hard to see which ones were in the batch vs the last one.

Thanks.

You can see what to look for per this article:

How to log all files and directories scanned during on-demand / Scheduled Scan with Symantec Endpoint Protection 11.x and 12.1

But that only covers on-demand or scheduled scans, not on-access.

Far as I know vpdebug doesn't show AP events. There's the section you mentioned within SEP to show AP events or you can configure process monitor to record them:

http://www.symantec.com/docs/TECH98079