Video Screencast Help

Context menu entry for "Scan for viruses" on 64-bit platform.

Created: 29 Sep 2009 • Updated: 20 Jul 2011 | 69 comments
Mikko K.'s picture
80 Agree
0 Disagree
+80 80 Votes
Login to vote
Status: Implemented

Being one of the most basic tools, the option for scanning individual files or folders is missing from the 64-bit versions of Enpoint Protection. I'd like to see this implemented in near future.

Comments 69 CommentsJump to latest comment

Jeremy Dundon's picture

If you right click any given file and choose properties, that activity is enough to cause AutoProtect to scan the file.

While you will not get a scan dialog box, the file still gets scanned.

+3
Login to vote
Scuba Steve's picture

The reason why this isn't available is because of the way it is referenced. It is looking for program files, and on a 64-bit system, the 32-bit apps are located in program files (x86). This is as designed in the dll.

Hope fully a developer will chime in as to if this will be resolved in a future release.

+3
Login to vote
Golden Greek's picture

Wow, not having this feature really takes away from SEP 11.  I was hoping that by the release of 11.0.5 that it would be fixed.  Nope.  Can those programmers working for Symantec make this a priority for 64-bit OS systems?

+1
Login to vote
shp's picture

 I agree with Mikko... sometimes when we need to scan some files we have to follow lot of step... 

Regards,
Srinivas H.P.
HCL Infosystems Ltd

0
Login to vote
pupuns2's picture

since USB drives used to contain most of the virus and with this option not available it will be really very difficult.

when can it be done ? can we be informed when it is fixed so that we can download the latest one ?

+1
Login to vote
pupuns2's picture

Scuba, when can the fix be done coz I think all need it..
pls reply on it.

0
Login to vote
Gibby_'s picture

I realize you can get the scan by selecting properties, however it is good for peace of mind to get the actual results.  Also when I first noticed this as I was trying to scan a file, I got a little paranoid that I had a virus that had deleted the option.

Thanks,
Jonathan

+1
Login to vote
AravindKM's picture

I am also agreeing this is an required feature .Anyway Ludikraut has posted a workaround for this problem. For more info refer 64 bit context menu workaround 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

0
Login to vote
JimW's picture

While this wont be in the Amber release, I do want to get this feature in. Please continue voting.

JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

+1
Login to vote
rossworth1's picture

it is essential for an enterprise level security application, basic stuff....come on symantec

0
Login to vote
Osman Nuri's picture

This is a feature which must be. Strange that there is also no workaround on this. At worst, there should be a tweak about this. Creating a new custom scan is a lot of stuff.
Most of viruses speads via USB memory sticks. In Kasperskyp 2010 Internet Security there is an option like when you plug you USB stich, it prompts if you want to do a full or custom scan. But in SEP you can not do this even right click on drive. Weird.

+2
Login to vote
Subhi Pattiam's picture

Hi,

This should be enabled & very useful for like ad,exchange servers..

...subhi

0
Login to vote
DA MJH's picture

I agree, Please add this functionality ASAP.
Our security policy requires us to scan all incoming contractor data (Usually a USB drive) before copying it to the servers. A background scan is not acceptable for this process.  As a long time symantec AV customer, we view this as a standard opperating feature that has been removed. and of course the managers are asking if we should change venders.

+1
Login to vote
Noeffort's picture

I agree, Enterprise-Customer

Hello,  I am an enterprise customer of Symantec with a Fortune 1000 company based in Palo Alto, CA.  We utilize SEPM and clients at version 11 on windows 7, both 32 and 64 bit.

This is more than just a minor inconvenience, as we have driven several previous AV rollouts with specific instruction for users to pro-actively guard against infection by directly saving an attachment to a neutral folder first, and then right clicking and doing a "Scan for Virus".

We made a previous vendor choice to switch from your (plausibly largest competitor) with this as one of the factors of why we chose Symantec.

For the design team to make this choice to omit this feature has a direct impact on our future motivation to continue licensing with Symantec.  Not only am i making this feature request through this avenue, we will also be formally requesting this via our TAM.

Please add this feature post haste!

Thank you! 

+2
Login to vote
Adam_'s picture

Please add this functionality ASAP.

Thank you.

0
Login to vote
JimW's picture

@Noeffort

Thank you for the information.

Lets keep the votes going.

JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

0
Login to vote
mmescher's picture

I also insist that it must be included very quickly! Although a smaller customer of the product with less than 200  licenses, I will not hesitate to stop paying AUP and buy into "the competition"
Other vendors DO offer the feature. Problem is known for a long time now, and with all the complaints and requests from everyone else on this topic it almost feels like you're not taking your customers seriously any longer?
I always opted for Symantec Antivirus due to it's simplicty in centralized mgmt and great VTDM push mechanism for immediate updates but this is getting ridicilous.
With the release of Win7 and Windows 2008 R2 server, the 64 bit platforms are finally superseeding the limitations of a 32bit platform and being rolled out more and more.
I am moving to Win7 64 bit edition with every new PC I deploy in my company and do not like to create On-Demand scan jobs for every possible drive letter that I mount on a PC.
The  workaround mentioned earlier is not acceptable, as it does not visually confirm me wether something got scanned or not!

+1
Login to vote
MSoft Guru's picture

How'd this get overlooked.

ADD ADD ADD......  PLEASE....

Granted, the following keys do exist in context menu handlers.  LVDPMenu  {8BEEE74D-455E-4616-A97A-F6E86C317F32}
But here's the related keys are all there:  assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86"

0
Login to vote
flynhi66's picture

This is not a nice-to-have.  C'mon guys - work with us here!

0
Login to vote
SEPuser001's picture

Is there some sort of work around for this problem, I do not want to scan the entire C drive in order to check1 file?

Im using SEP version 11.0.5002.333 on Window 7 64 bit.

Thanks, please let me know.

0
Login to vote
SEPuser001's picture

I notice one workaround is -

"if you right click any given file and choose properties, that activity is enough to cause AutoProtect to scan the file.

While you will not get a scan dialog box, the file still gets scanned."

How can I be sure that  AutoProtect is running?  I checked the help but still not sure.   Thanks anyone.

0
Login to vote
kabatus's picture

Hi,

I'm implementing SEP11 solutions for large companies (5000+) and each one is complaining about missing context menu in 64bit systems.
I don't understant why it hasn't been already fixed as this is a really huge bug affecting day to day work of system administrators.

PLEASE ADD IT.

Thanks,

Kabatus

0
Login to vote
JimW's picture

It is being added to the Amber release.  Thank you for the feedback to help drive this feature into SEP.

JimW

Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec

+1
Login to vote
Lazarus439's picture

This is useless information because there's no public information that Google can find on this "amber release".   How about a REAL, LIVE date?  Or at least some teeny, tiny little bone like this quarter", "this year", "Version 12" or something.  Telling us this is in the "amber release" is not materially different than telling us "the check is in the mail".

+1
Login to vote
dmacbeth's picture

Well, it's December, and still no more word on when Amber will be released, despite countless requests here and probably many other places.  This feature has been a part of virus scanners since Windows 1.0, and since SEP doesn't scan portable media on insert, this is the only way most people scan CDs and USB drives.  Our migration from a competing product to SEP wasn't without its pain, and I really don't want to have to go through it again with another company.  Like others here, I represent an enterprise customer with multiple business units and multiple users poer busines unit.  Management is starting to point fingers at IT asking why WE haven't fixed this, when in reality, Symantec hasn't fixed it, even though we've been asking for the feature since April(?)!  Your lack of response is causing great nervousness, and this nervousness will eventually lead our security department to switch vendors.  THIS NEEDS TO BE ADDRESSED ASAP.

+1
Login to vote
Shawn T.'s picture

After reading this thread, I checked in beta 12.1.399.4350. The feature was present on my Windows 2008 R2 x64 and Windows 7 x64 test installs. The public beta is coming soon, so take a look at the beta sign-up page:  http://www.symantec.com/business/theme.jsp?themeid=sep12-beta&inid=us_bizbanner_hero7_sep_beta

 

Shawn T.

0
Login to vote
prosozial's picture

can you give me a release date?

thanks, Holger

+1
Login to vote
NetAdmin1's picture

Has Symantec announced a date for the Amber release?
Can we be notified when it is?
Thank you in advance for your asssistance.

+2
Login to vote
John Cooperfield's picture

This omission for 64 bit OSes is rather serious. 

While  Mikko K.  wrote ...
 
     You can see if the auto-scan fires up from opening the SEP client UI -->
     Options -> View file system auto-protect statistics (as pointed out by
     Symantec's Paul Murgatroyd)
      The workaround you provided applies only if you have the  ["]Scan files
      when accessed["]  enabled.

... it is an irony  that a Symantec whitepaper suggests optimizing 98% of your servers
(the Terminal Server (RDP) ones)  by setting "Scan only on Modified."  which would kill the above technique.

All of our new server builds are 64 bit.  I am to start installing SEP on some of them this week.    Will try Ludikraut 's workaround, here.

Thanks
 

+1
Login to vote
Diesel23's picture


ADD ADD ADD......  PLEASE....

we work in a government industry that has very high security regulations and we need to scan all work files.....

+1
Login to vote
jhilo44's picture

Will Symantec send out an e-mail as soon as this patch has been released? This feature is a definite need in our company!

+3
Login to vote
jprince1's picture

This issue was raised 9 months ago. It is inexcusable that a solution has not been introduced. This is a major security flaw that needs to be fixed ASAP or I will need to recommend that my employer switch different product when their license expires.

As 64 bit operation systems are becoming the norm on new pc’s, this issue is effecting a ever growing number of disappointed customers.

+1
Login to vote
NetAdmin1's picture

Symantec expects to have the feature fixed the the Amber release.
I have been heard that that for Amber they are currently targeting a release at the beginning of next year.
Given the growing implementation of 64-bit platform in enterprise environments, I hope that that they somehow deliver the fix considerably earlier than expected. 

+2
Login to vote
J.Knopf's picture

This is very poor, I am now waiting almost a year for a solution to this.

+1
Login to vote
prem@raksha.co.in's picture

hi this is an essential feature for 64 bit platforms even in mr6 aqlso this feature is not enabled please workaround this and add this feature

+2
Login to vote
vreiner's picture

I also find this a disturbing omission. It's great that JimW states "it will be included in the Amber release" - but when is that going to happen?  JimW's last post was IN MAY - it is NOW OCTOBER.

I am running 11.0.5002.333 and this feature is still missing!!

 

What version number will "Amber" be, and when is it getting released?  JimW please post a response ASAP.

+1
Login to vote
yfki's picture

I have gotten tired of waiting for Symantec to fix this. I have written a custom solution that I will publish shortly. What confuses me here is why the symantec engineers have not fixed this yet, it seems to be no issue at all, just a slight change.

This is also very odd, why does an older version of SEP have more functionality then the newer version. The additional parameters available (/scandir /scanfile) in an older version of DoScan.exe is what I have used to invoke the StartScans() function.

https://www-secure.symantec.com/connect/articles/n...

I slightly modifed the DoScan.exe so that it would not overwrite the 'DisplayStatusDialog',0 ; reg entry, so when invoked, it will be visible to the user. The one dependency is that DisplayStatusDialog is set to 1 in the Default Scan Options under HKLM

Stay tuned, I will upload the Context Menu Handler, along with the required version of DoScan.exe and DoScanRes.dll.

+1
Login to vote
Pete_ACC's picture

Another vote here for this feature to be enabled. Could someone from Symantec please provide an update on this issue?

+1
Login to vote
yfki's picture

I will post a full solution shortly, but a few things that should be noted.

My original attempt to modify the older version od DoScan.exe was halted because of a CheckCaller validation that is invoked by RTVScan. This in essence limits the older DoScan.exe to being completely invisible to the user, and for the most part, unmodifiable.

After a number of hours and a variety of different attempts to modify the code,  I wrote a small c# app to do the dirty work which can be invoked from the Context Menu.

It works by using 2 different threads, 1 to monitor the registry for DisplayStatusDialog (and immediately change it to 1) and the other which calls the older version of DoScan with the /scandir /scanfile arguments. Not flawless by any means, but I havent seen it fail yet.

This solution may not be suitable for some users who choose to save custom tasks, because ai immediately run a SubTreeDelete on init here, technically not required, but I do it as a cleanup/qa.

HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection\AV\Custom Tasks\

All in all, this seems to be working perfectly on my w7 x64 box, I just need to clean up the code. It will not be a real context menu handler per sy, but you can just add the entries to folder and * under HKCR

 

Stay tuned....

+1
Login to vote
yfki's picture

I can't post DoScan.exe and DoScanRes.dll, but they can be retrieved from this version of SEP
Symantec_Endpoint_Protection_11.0.6_MP1_Xplat_EN_DVD.zip

Setup
1)Extract somewhere, update .reg file to reflect location of SEPContextMenu.exe
2)Import reg
3)Get the correct vresions of DoScan.exe and DoScanRes.dll and place them into the same dir
4)Right click a folder/file and Scan for Viruses...
5)Done

/----------------------------------
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Diagnostics;
using System.Threading;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using Microsoft.Win32;
using System.Text.RegularExpressions;

namespace SEPContextMenu
{
    public partial class SEPContextMenu : Form
    {
        [DllImport("user32.dll")]
        static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);

        [DllImport("user32.dll")]
        public static extern Int32 SetForegroundWindow(int hWnd);

        [DllImport("user32.dll")]
        public static extern int FindWindow(string lpClassName);

        public SEPContextMenu()
        {
            string[] args = Environment.GetCommandLineArgs();
            Debug.WriteLine("Number of arguments " + args.Length);
            if (args.Length < 2)
            {
                Debug.WriteLine("Incorrect number of argument passed in");
                Environment.Exit(1);
            }

            InitializeComponent();
            ShowInTaskbar = false;
            ShowWindow(this.Handle, 0);                  
            string path = args[1];
            string fileORdir = null;

            Debug.WriteLine(args[1]);
            //Detect whether its a directory or file
            FileAttributes FileAttrib = File.GetAttributes(@path);
            try
            {
                if ((FileAttrib & FileAttributes.Directory) == FileAttributes.Directory)
                {
                    Debug.WriteLine("Its a directory");
                    fileORdir = "/scandir";
                }
                else
                {
                    Debug.WriteLine("Its a file");
                    fileORdir = "/scanfile";
                }
            }

            catch
            {
                Debug.WriteLine("Invalid file or directory, exiting");
                Environment.Exit(1);
            }

            //Clean the registry
            try
            {
                Registry.CurrentUser.DeleteSubKeyTree("Software\\Symantec\\Symantec Endpoint Protection\\AV\\Custom Tasks");
            }
            catch
            {
                Debug.WriteLine("Existing registry does not exist...");
            }
            
             
            RegistryMonitorWorkerT.RunWorkerAsync();
            Thread.Sleep(3000);
            startScan(fileORdir, path);

        }

        private void startScan(string fileORdir, string path)
        {
            ProcessStartInfo psi = new ProcessStartInfo();
            Regex regexObj = new Regex(@"(\w:\\.+\\)(.+)");
            string WorkingDir = regexObj.Match(Assembly.GetExecutingAssembly().Location).Groups[1].Value;
            Debug.WriteLine("Working Directory " + WorkingDir);
            psi.WorkingDirectory = WorkingDir; // "\"" + +"\"";  
            psi.FileName = "DoScan.exe";
            psi.Arguments = fileORdir + " " + "\"" + path + "\"";
            Debug.WriteLine("DoScan.exe " + fileORdir + " " + "\"" + path + "\"");
            Process.Start(psi);
        }

        private void button2_Click(object sender, EventArgs e)
        {
            RegistryMonitorWorkerT.CancelAsync();
        }

        private void RegistryMonitorWorkerT_DoWork(object sender, DoWorkEventArgs e)
        {
            do
            {             
                using (RegistryKey root = Registry.CurrentUser.OpenSubKey("Software\\Symantec\\Symantec Endpoint Protection\\AV\\Custom Tasks", true))
                {
                    if (root != null)
                    {
                        string myKey = "CmdLineScan_";
                        Debug.WriteLine("Searching.....");
                        SearchSubKeys(root, myKey);
                    }
                }
            } while (RegistryMonitorWorkerT.CancellationPending == false);
        }

        public static void SearchSubKeys(RegistryKey root, String searchKey)
        {
            foreach (string keyname in root.GetSubKeyNames())
            {
                try
                {
                    using (RegistryKey LoopingKey = root.OpenSubKey(keyname, true))
                    {
                        if (keyname.Contains(searchKey))
                        Debug.WriteLine(keyname);
                        Object DisplayStatusDialog = LoopingKey.GetValue("DisplayStatusDialog");
                        if (DisplayStatusDialog != null)
                        {
                            Debug.WriteLine("Value : " + Convert.ToString(DisplayStatusDialog));
                            LoopingKey.SetValue("DisplayStatusDialog", 0x00000001);
                            Thread.Sleep(5000);
                            string className = "SAVScanDlgs";
                            SetForegroundWindow(FindWindow(className));                            
                            Debug.WriteLine("Application Exiting...");
                            Application.Exit();
                            Environment.Exit(1);

                        }
                        SearchSubKeys(LoopingKey, searchKey);
                    }
                }
                catch (System.Security.SecurityException)
                {
                }
            }
        }
    
    }
}

+3
Login to vote
NetAdmin1's picture

Hello, I too will personally vouch for yfki's work around.

It works quite well.

Thank you very much yfki!

This leads me to wonder as to why Symantec is taking so extraordinarily long to address such an issue.

It is likely one of the most frequently used features of any virus scanning software and given the even freebie virus software manages to include it in their releases, how many other bugs and security holes exist, that are treated with such a lackadaisical approach to resolution. The only indication that Symantec had any plans to address the issue is a vague reference to the "Amber Release" on May 01 2010.

We are now approaching 2011 without any further information on the Amber Release.

Symantec's overall response has been sub-par at best.

Perhaps we will finally have an "Official" effort sometime next year.

Thank you again yfki, for stepping up to the plate and succeeding where Symantec has failed.

+1
Login to vote
Nickolay 9999's picture

This works I can confirm, search for this:

DoScan_11.0.6_MP1.zip and this SEPx64ContextMenu.rar

There is also a video that demos it on Vimeo

id # 16545522 called "SEP Context Menu W7 x64"

0
Login to vote
yfki's picture

It's great to see others are confirming that it works.

0
Login to vote
Stang166's picture

YFKI's walkround is a verified working walkaround. Works just as the video shows.

0
Login to vote
samiit.uddin@gmail.com's picture

Dear All Symantec Team,

 This is  a very bad news that the Scan for Viruses Feature is not appearing in Windows 7 64 Bit Profissionall, May I know is there any Update or patch to get work with Scan for Viruses feature.

 Highly appreciate your quick response.Email Id: samiit.uddin@gmail.com

Thanks!

0
Login to vote
NetAdmin1's picture

Hello,

Please see the workaround poated by yfki earlier in the thread.

Many of us have tested it, and it works quite well.

Thanks,

NetAdmin1

+1
Login to vote
Jivo's picture

Dear friends, fellow users,

I have implemented yfki's solution today, and it works good - thanks!
 

What we should ask ourselves is: Do we have confidence in a product and company whose users are doing their job, solving basic functionality ?!?

0
Login to vote
oxford's picture

Could someone elaborate on ykfi's solution? I am glad it works for so many of you and would love to join you!

Specifically, I'm not sure what I am supposed to do with the code under line #5. After following the instructions as clearly as I can figure out, I get the following error message on attempting to scan: "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel."

0
Login to vote