Awhile back (around two weeks) I took out an old USB drive I had and sifted through some of my old files aiming to clean out some of them to free up some space. After opening an old animation file and closing it Windows Action Center told me that Symantec Endpoint Protection was out of date and my computer was unprotected, which was weird as I had ran several Active scans earlier that day and Symantec itself was still reporting no problems. I immediately yanked the USB and tried to run another active scan. The scan completed instantly and scanned 0 files. I then did a system restore to the previous day. Then Symantec finally reported something was wrong as it was missing virus definitions and it automatically ran Liveupdate in the background and fixed itself after 20-30 minutes. A full scan at this point turned up nothing and a run of Kapersky's rootkit utility also showed nothing. The next Day I went through and ran Window's Disk Cleanup to make sure I got rid of any temporary files and immediately after I tried to run an Active scan through Symantec, The scan started, ended immediately after scanning 0 files, and windows gave me the little po-up from the toolbar that my antivirus was out of date and my computer was unprotected. I did system restore again and after giving Symantec 20-30 minutes for live update to run it was fixed. I thought that was the end of it, till yesterday when searching around the internet a link a website I was unfamiliar with. I got a "display device driver has stopped working and has recovered" message. I exited the site quickly, deleted my temporary internet files and proceeded to run an acitve scan. Which stopped after 0 files and the Window's Action Center once again immediately said my antivirus definitions were out of date and my computer was unprotected. Live update did not pick up any new virus definitions to dowload at this point and the virus definitions were current up to the day before, Symantec itself was still giving the all green though the active scan still stopped after 0 files. I restarted hoping that would give Symantec the reboot to notice any missing virus definitions and reupdate them accordingly. Except after the computer started back up everything was working again, the active scan once again worked fine. A few hours later I was running another active scan before shutting down and the active scan stopped after 0 files and that same pop-up from the toolbar appeared. I restarted, and once again everything was back in order. At this point I ran Liveupdate and it picked up and downloaded two updates and it seems to be fine now. I am somewhat concerned over this issue, it just seems to jump up occasionaly when I start a scan and just restarting my computer seems to get everything working again. Is this an issue with the updates not installing correctly or do I have some sort of wierd bug that targets only my antivirus? Next time this happens I plan on reinstalling Symantec but I'm hoping someone else knows what happening before I try that. All other parts of the computer are running fine, its just the antivirus that seems to be acting up occasionaly.

What's the exact version of SEP you're running and is this an unmanaged client (non-work)?

Might be an issue with the client if you are still with version 11.0, the latest version is 12.1.4 

if thats the case please upgrade

Symantec Endpoint Protection client manual or scheduled full scan shows 0 files scanned, scan ends after only a couple of minutes.

I am using 12.1.4, and it is unmanaged. After some additional thought I suspect the problem is along the lines of the client having an update error, because the issue never show up until I run a scan. When I try to run an Active Scan it reads the failed updated definitions as out-of-date/corrupted, the scan finishs at 0 file scanned, and then windows points it out. When I run liveupdate at this point it shows no new updates but after a restart and manually activating liveupdate it finds and loads the new updated definitions correctly and I seem to have no problems afterwards. Or at least till later on. It doesn't happen every time I run a scan.

Run the symhelp tool on it to see if anything unusual shows up

Troubleshooting computer issues with the Symantec Help support tool

Hi

Request you to log a case with Symantec Support

Number: 0008004401457

Regards

Ran Symhelp and it came says the Windows AutoRun Feature has been disabled. I attached a screenshot of the result to this post. I have been having trouble with flashdrives lately as they used to immediately be ready to eject after I hit the "safely remove media" thing on them to eject them, though now I usually get a "program still running using the flashdrive". All three of my flashdrives have been used on multiple computers without incident and Symantec always tells me whenever I plug one into the USB that it has blocked autorun.inf. From the reports Symhelp directed me to it seems better to have autorun disabled anyways, which makes me question why Symhelp flagged it. I also don't quite see how it could generate the entire "Start Active scan and it scans 0 files and then Windows reports virus protection gone bad" thing, though granted I am not a Tech professional. Also ran the Symhelp load poitn analysis and got one file listed as suspicious, attached is the report. It seems to be part of my Abiword program, which is safe. To anyone who might know is Symhelp  able to tell if Symantec Endpoint Protection has an error like I mentioned in my last post where the active scan stops at 0 files scanned because the most recent update failed to install and the client registers the failed update as corrupted? So far I am manually running Liveupdate first thing after I start up the computer and I haven't run into the issue again yet.

SymHelp would tell if there were issues or errors with the client, its services, etc.

Have you tried just running a repair of the client?

Just to be on the safer side, run power eraser.

http://www.symantec.com/business/support/index?page=content&id=TECH134803

Does it log anything in the event viewer after scan? for ex, AV being disabled, AP malfunctioning..

Not sure if doing a "System Restore" is a best practice with SEP 12.1 and even on Windows 8 - which you show you executed this on.

http://www.symantec.com/business/support/index?page=content&id=TECH162443

I'll run that. And no it shows zero files scanned and doesn't log anything really.

Edit: Power Eraser came up clean. Other scanning programs like Malewarebytes, Kapersky Rootkit Utility, and Spybot Search and Destroy all came up clean.

I do recall the previous to 12.1 version of Symantec not playing well with system restore. Had the tech guys at one of the local tech support places running in circles for a bit. Since all the virus scanning programs I have came clean I do plan to uninstall and reinstall it the next time it does this. I assume even if one of those autorun.inf viruses was somehow involved one of them would have picked it up.

It repaired itself once it registered that definitions were not there the first time, but the system restore might have disturbed it enough. Otherwise I just rebooted and everything came up normal and working. Liveupdate did pick up some updates once i ran it after the reboot. The only problem it seems to have is that every once in a while running an Active Scan (usually at least 20-30 minutes after starting the computer up in the afternoon/evening) it stops at 0 files and Action Center reports a problem with Symantec, running Liveupdate at this time shows no new updates. In addition just a restart of the computer seems to get it back into working order and Liveupdate then shows updates, downloads them, and everything seems back to normal working conditions. The biggest thing is even after the active scan goes weird and completes after scanning zero files and Action Center brings it up is that Symantec still had the green and "Your computer is protected message". About the only thing I can figure (besides some really sneaky virus) is that the fresh update for that day installed incorrectly and when the Active Scan started up it looked for the new virus definitions, which weren't there, and then it kinda failed which triggered action center. Rebooting seems to reset the "Update attempt" thing and then Liveupdate actually shows and installs the new definitions. Its, just, while that comes to my head I don't trust my own judgement on that and decided to check here incase it was some sort of virus I wasn't aware off before I tried a reinstall.

Where I posted and attached the Symhelp results, The error it pointed out on Windows autorun. Does that mean autorun is actually disabled or is it showing as an error because autorun is not disabled. Should I be worried about it? The loadpoint analysis at least didn't turn up any autorun.inf bugs, neither did the power cleaner. But regardless, is it a possible concern even if it is unrelated to the current occasionaly recurring issue?

per the screenshot, it's enabled

You need not have to worry about that, Any info from the event viewer?

can you check the dcom permission as mentioned here

http://www.symantec.com/business/support/index?page=content&id=TECH141644

By the event view I assume you mean the system and threat logs. The only non-normal thing they show is a failed attempt to send Symantec information on c:/windows/system32/mshtml.dll The failed attempts don't line up with the times I had errors, and that file itself hasn't shown up  on any scans. It is marked as having been modified closer the beginning of this month but it was not the time i started having issues but was the same time my computer had an update from microsoft. So i feel relatively safe on that. Before I try to check the dcom permissions i want to ask if Symhelp would have turned up any issues on it. For the most part I have not had any recurring issues since the last pair, so I'm starting to wonder if its just another quirk of Windows 8.

Edit: Under further thought I relize that the first two instances of trouble I mentioned seem to remind of an issue i had on my previous computer several years ago. That flash drive I mentioned in my first post was in use at the time and I seem to remember just doing a system restore and being fine afterwards, I do believe the first two points of trouble occured immediadely upon closing the suspect animation file and wiping the temporary files clean respectively. The "c:/windows/system32/mshtml.dll" file was updated via windows update just several days before the time where I started active scan and then Symantec was reported as out of date. If thats the case, and considering every scan I run shows nothing more than one or two tracking cookies (which are promptly disposed of without incident), it seems to me it just might be an instance of windows 8 kinda messing around. The update that one mentioned file was from contained a series of security updates and the times that Symantec tried to send information on that file decreased to almost none after that set of updates to windows. Does this line of reasoning seem sound? (non-tech professional here with little faith in his own judgement)

Hi

Whether those are imaged systems

Regards