vpdebug log: how to correlate entries in the log to actions in SEP

Created: 30 Dec 2013 | 2 comments

Hi All,

I've been searching for detailed info about understanding the vpdebug log content.

I want to be able to correlate vpdebug log info to SEP actions or functions like SONAR, rtvscan, ...

For instance, who can tell me which process within SEP is responsible for the following lines in the vpdebug log file:

20:42:04.728393[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 280, bScanMemory = 0, bRecomandScan = 1
20:42:04.728614[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\program files\citrix\system32\ctxsvchost.exe
20:42:04.728775[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.731672[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 424, bScanMemory = 0, bRecomandScan = 1
20:42:04.731833[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\smss.exe
20:42:04.731954[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.732940[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 472, bScanMemory = 0, bRecomandScan = 1
20:42:04.733081[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\csrss.exe
20:42:04.733202[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.733946[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 496, bScanMemory = 0, bRecomandScan = 1
20:42:04.734067[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\winlogon.exe
20:42:04.734208[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.737024[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 544, bScanMemory = 0, bRecomandScan = 1
20:42:04.737185[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\services.exe
20:42:04.737306[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.738574[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 556, bScanMemory = 0, bRecomandScan = 1
20:42:04.738735[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\lsass.exe
20:42:04.738896[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.739680[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 708, bScanMemory = 0, bRecomandScan = 1

Comments

Rafeeq

ccSvcHst.exe is the responsible engine for all the log activities in the vpdebug log. Would that be a manual scan or a scheduled scan?

pete_4u2002

Do an EICAR test with vpdebug on and check the results. It will give the information about the detection.
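
An added example (not part of the original thread, and not Symantec code): a small Python parser for the line layout shown in the question's excerpt. It joins each ProcessID line with its pProcessPath and "already hashed" lines and tallies which Class::Method emitted them. The two bracketed numbers are treated as opaque identifiers, since the thread does not say what they are, and all function names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the vpdebug excerpt in the question above.
SAMPLE = r"""
20:42:04.728393[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 280, bScanMemory = 0, bRecomandScan = 1
20:42:04.728614[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\program files\citrix\system32\ctxsvchost.exe
20:42:04.728775[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.731672[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 424, bScanMemory = 0, bRecomandScan = 1
20:42:04.731833[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  pProcessPath c:\windows\system32\smss.exe
20:42:04.731954[_5304][_1412]| CHPPEraserEngineCallback::PreProcessDetection - Process already hashed rescanning.
20:42:04.739680[_5304][_1412]|CHPPEraserEngineCallback::PreProcessDetection:  ProcessID 708, bScanMemory = 0, bRecomandScan = 1
"""

# timestamp, two bracketed ids (meaning not stated in the thread), Class::Method, message
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\[_(?P<id1>\d+)\]\[_(?P<id2>\d+)\]\|\s*"
    r"(?P<source>\w+::\w+)\s*[:-]\s*(?P<msg>.*)$")

def parse(text):
    """Yield one dict per recognised line: ts, id1, id2, source, msg."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def correlate(text):
    """Join ProcessID / pProcessPath / rescanning lines into one record per process."""
    records, current = [], None
    for e in parse(text):
        ids = (e["id1"], e["id2"])
        pid = re.match(r"ProcessID (\d+)", e["msg"])
        if pid:  # a ProcessID line opens a new record
            current = {"ts": e["ts"], "source": e["source"], "ids": ids,
                       "pid": int(pid.group(1)), "path": None, "rescanned": False}
            records.append(current)
        elif current and ids == current["ids"]:  # only join lines with the same ids
            if e["msg"].startswith("pProcessPath "):
                current["path"] = e["msg"][len("pProcessPath "):]
            elif "already hashed" in e["msg"]:
                current["rescanned"] = True
    return records

def sources(text):
    """Count log lines per emitting Class::Method."""
    return Counter(e["source"] for e in parse(text))

if __name__ == "__main__":
    for r in correlate(SAMPLE):
        print(r["ts"], r["pid"], r["path"], "rescanned" if r["rescanned"] else "")
```

A record whose path is None, like the last one here, means the excerpt ended before the matching pProcessPath line was logged.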