Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

vpdebug log : how to correlate entries in the log to actions in sep

Created: 30 Dec 2013 | 2 comments

Hi All ,

i've been searching for detailed info about understanding the vpdebug log content.

i want to be able to correlate vpdebug log info to sep action or functions like sonar , rtvsacn ,.....

for instance who can tell me whic hprocess within sep in responsable for the following lines in the vpdebug log file :

20:42:04.728393[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 280, bScanMemory = 0, bRecomandScan = 1
20:42:04.728614[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\program files\citrix\system32\ctxsvchost.exe
20:42:04.728775[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.731672[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 424, bScanMemory = 0, bRecomandScan = 1
20:42:04.731833[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\smss.exe
20:42:04.731954[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.732940[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 472, bScanMemory = 0, bRecomandScan = 1
20:42:04.733081[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\csrss.exe
20:42:04.733202[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.733946[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 496, bScanMemory = 0, bRecomandScan = 1
20:42:04.734067[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\winlogon.exe
20:42:04.734208[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.737024[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 544, bScanMemory = 0, bRecomandScan = 1
20:42:04.737185[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\services.exe
20:42:04.737306[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.738574[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 556, bScanMemory = 0, bRecomandScan = 1
20:42:04.738735[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\lsass.exe
20:42:04.738896[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.739680[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 708, bScanMemory = 0, bRecomandScan = 1

Operating Systems:

Comments 2 CommentsJump to latest comment

Rafeeq's picture

ccsvshst.exe is the responsible engine for all the log activities in the vpdebug log manual scan or scheduled scan would that be

pete_4u2002's picture

do an eicar test with vpdebug on and check the results. it will give the information about the detection.