Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

SEP Logs Showing Scan in Progress

Updated: 17 Oct 2010 | 4 comments
marlb1's picture
marlb1
0 0 Votes
Login to vote
This issue has been solved. See solution.

Hey,

We have SEP Client version 11.0.5 running on our servers. One in particular is still showing in its logs that a Scan is in progress, and it cannot be manually aborted or deleted.
We have run scans successfully even though this is the case, have tried un-installing and re-installing the client however those scans still remain. Also have tried ending them manually from the Management console with no success.

Any help appreciated.

Cheers

Discussion Filed Under:
, , ,

Comments

Prachand's picture
14
Sep
2010
1 Vote +1
Login to vote
Prachand
Trusted Advisor

Take the Back up the

Take the Back up the Registry

Navigate to HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks\

These registry keys usually contains one or more tasks. The task ID is random, for example:

HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks\C9FD1449-694F-40F1-99E5-1976D4279E0D

Delete any custom task that does not have a corresponding entry in the SEP interface, and rescheduled if neccesary.

 

 

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Mudit Kumar's picture
15
Sep
2010
0 Votes 0
Login to vote
Mudit Kumar
Technical Support
Accredited
Certified

Check the following article

Check the following article if this heps

Title: 'The Symantec Endpoint Protection client interface shows that a scan is in progress, but the logs indicate that all scans have completed.'
Web URL: http://service1.symantec.com/support/ent-security....
 

Thanks & Regards,
Mudit Kumar
 

Kurt G.'s picture
15
Sep
2010
1 Vote +1
Login to vote
Kurt G.
Symantec Employee
Accredited

Just to make sure I'm understanding the issue.

You have a SEP client that's logs indicate that a scan is still in progress. When you check the client locally it does not appear that a scan is occuring. If you attempt to run a scan on that particular client machine, the scan runs as expected.

If the above is correct, the following should resolve the issue with the log showing a scan is still in progress.

The erroneous information in the scan log is cosmetic and can be safely ignored.
To remove the entry from the scan log delete the log from the day that the scan occurred.
The log files for the SEP client can be found here:

For Windows NT based systems:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Logs

For Windows Vista or Server 2008 systems:
C:\ProgramData\Symantec\Symantec Endpoint protection\Logs

Log files may also be found in the user profile.  For example on a Windows Vista machine:
C:\Users\<User Name>\AppData\Local\Symantec\Symantec Antivirus Corporate Edition\7.5\logs

The log files will be listed in a format that incorporates the date of the log in the name of the log file.
For example:
07222009.log is the log file from 07/22/2009, or July 22, 2009.

Regards.
 

Kurt G.
Symantec Technical Specialist: Endpoint Security Advanced Team

Symantec Corporation www.symantec.com

Symantec Enterprise Support: (800) 342 0652 

SOLUTION
marlb1's picture
16
Sep
2010
0 Votes 0
Login to vote
marlb1

Resolved..

Thanks Kurt,

 

You were exactly right, it was erroneous log entries! Safely ignored and deleted.

Cheers everyone.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,017