Video Screencast Help

SEP in FileStore

Created: 02 Nov 2011 • Updated: 08 Nov 2011 | 5 comments
This issue has been solved. See solution.


I need to have report from SEP included in FileStore.

Actually, i have no solution to known if a scan h rformed, and i need to have a confirmation to said : "The SEP ran normaly, but it didn't found anything".

I try to install SEP Manager on a windows, but i can't deploy a client. The liveUpdate Manager is just for signatures, not for report.

Anybody knowns how to have daily report of the SEP activity ?

Thank you. 

Discussion Filed Under:

Comments 5 CommentsJump to latest comment

Sean Craig's picture

Hi Loic,

You are correct that there's limited reporting for the AV module.  Look to have this updated in our next major release.



teiva-boy's picture

IIRC it's just AV for Linux under SUSE.

That said, I think you can syslog it and capture it with other security tools, Symantec's own SSIM comes to mind...

There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) "We backup data to restore, we don't backup data just to back it up."

SoCalSYM's picture

At the command line, you can go into "AntiVirus" subcommand, then type "quarantine list" to see what files have been put into quarantine.  "show logs" will display the following:


maybe this will help you find what you need.


Loic Bouquet's picture


I have found information in the system :

SFS01_01:/var/symantec/Logs # ls -lrt
total 48
-rw------- 1 root root 2923 Oct 12 23:18 10122011.log
-rw------- 1 root root 1788 Oct 24 19:07 10242011.log
-rw------- 1 root root  827 Oct 25 00:01 10252011.log
-rw------- 1 root root  415 Oct 26 17:16 10262011.log
-rw------- 1 root root  415 Oct 28 17:16 10282011.log
-rw------- 1 root root  415 Oct 30 17:16 10302011.log
-rw------- 1 root root  415 Nov  1 17:16 11012011.log
-rw------- 1 root root 1739 Nov  2 17:16 11022011.log
-rw------- 1 root root  534 Nov  3 01:39 11032011.log
-rw------- 1 root root  417 Nov  4 17:16 11042011.log
-rw------- 1 root root  417 Nov  6 17:16 11062011.log
-rw------- 1 root root  417 Nov  8 17:16 11082011.log
SFS01_01:/var/symantec/Logs # tail 11082011.log

290A08111002,3,2,1,SFS01_01,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1320768966,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,,,,,,,,,,,,,,,,,0,,,,

290A08111004,2,2,1,SFS01_01,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 108   Files/Folders/Drives Omitted: 0",1320768966,,0,0:0:108:0,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,,,,,,,,,,,,,,,,,0,,,,

SFS01_01:/var/symantec/Logs # tail 11062011.log

290A06111002,3,2,1,SFS01_01,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1320596165,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,,,,,,,,,,,,,,,,,0,,,,

290A06111004,2,2,1,SFS01_01,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 108   Files/Folders/Drives Omitted: 0",1320596165,,0,0:0:108:0,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,,,,,,,,,,,,,,,,,0,,,,

SFS01_01:/var/symantec/Logs #
Like you see, it's possible to performe some verification about automatic scans ;)
My schedules are like this :
SFS01> antivirus job show

Jobname   FS       State      Minute Hour Day Month WeekDay Preferrednode
=======   ===   ========== ====== ==== === ===== ======= =============
Scan      fs_demo    SCHEDULED     15     17   *    *      *

I'm not agree with you, because if your first action is clean, you did not seen the cleaning action, only the quarantine action.


SFS01> antivirus quarantine list
QID               Quarantine file
----------------- ----------------
SFS01_01_5B700000 /vx/fs_demo/
SFS01_01_EB700004 /vx/fs_demo/
SFS01_01_EB700002 /vx/fs_demo/
SFS01_01_1B700000 /vx/fs_demo/
SFS01_01_EB700000 /vx/fs_demo/Test Virus.txt
SFS01_01_EB700001 /vx/fs_demo/
SFS01_01_EB700003 /vx/fs_demo/
SFS01_01_BB700000 /vx/fs_demo/
SFS01_02_2B700000 /vx/fs_demo/AA_ReferentielDocumentation/
SFS01> antivirus quarantine info
Please wait ... It will take some time ...
Item:           5B700000
Description:    /vx/fs_demo/
Full Path:      /vx/fs_demo/
Log Line:       290919000103,5,1,1,SFS01_01,root,,/vx/fs_demo/,1,1,1,2147483647,33571876,"",1319493664,,0,,1534066688,0,0,0,0,,,,,0,0,,0,,,,,,,,,,,,,,,,,,,,,,,,0,,,0,
Flags:          INFECTED
Quarantined:    Tue Oct 25 00:01:03 2011
Created:        Tue Oct 25 00:01:03 2011
Last Accessed:  Tue Oct 25 00:01:03 2011
Last Modified:  Mon Oct 24 19:08:59 2011
Truncked output.


Sean Craig's picture

Hi Loic,

As a reminder (also for others who find this thread later), command-line access to FileStore is via the CLI using FileStore admin users.  Shell access (as you've shown above) is limited to Support should any debugging be required.