Endpoint Protection

Hi,

Is it possible to get the real time scannng log?for example we have to know what are the files and folder which real time scanned?is it possible to to this info?

Hello,

In the client go to client  GUI--->Status--->AV/AS-->options--->View file system auto-protect statistics..

OR

You can enable VPdebugging, the log will show what files have been scanned.

http://www.symantec.com/business/support/index?page=content&id=TECH102939

Regards,

No, as of now only On-deman and scheduled scan is possible

How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.x and 12.1

https://support.symantec.com/en_US/article.TECH103126.html

There's no log that will tell you the files that were scanned. It will only log if something malicious was found in those scans.

Why this option is not integrated?is this product limitation?is any other way can we know this info?

If you have a large estate the space requirements for the logs would be quite substantial. Which is why I presume they've not been included.

Hello,

When you are performing a real time scan from SEPM, you may see a lot of progress bars for the on going scans. Secondly, when performing this it accumulates a lot of logs.

I am sure you as an admin would not like that to happen.

In case, you have a specific client, you can enable VPdebugging, the log will show what files have been scanned.

http://www.symantec.com/business/support/index?page=content&id=TECH102939

Regards,

Enable VP Debugging on the SEP client or you can use Procmon to see this.

http://www.symantec.com/docs/TECH98079

Hi,

There is real time scan called as 'Auto protect scan'. Auto-Protect continuously inspects files and email data as they are written to or read from a computer. Auto-Protect automatically neutralizes or eliminates detected viruses and security risks. Mac clients and Linux clients support Auto-Protect for the file system only.

See http://www.symantec.com/docs/HOWTO80944

There are different types of scan:

Active scan:

Scans common loadpoints ( like startup files, few registry entries,C:\Windows, Temp and User Profile ) and memory. Its is a scan which normally takes 2-5 minutes

Full Scan:

Scans the entire computer for viruses and security risks, such as adware and spyware. Use this scan to look in the boot sector, in the programs that are loaded into memory, and in all files and folders. A password may be required to scan network drives.

Custom Scan:

Scan only the files and directories that you specify.

Real time scanning logs i.e. detail information about scan file is not possible, if SEP started capturing this info it will become a huge file. Log shows which scan had triggered and if it found any suspicious file it will share the info. 

Though it does not capture each and every scan file entry you can view information while it's performing scan.

However, if you still feel detail report should be available.

Post it under idea section: https://www.symantec.com/connect/security/ideas

After enabling VPdebug log,it will not show which files are scanned (while opening the file symantec will scan,this log is not showing)

Look for "Processing file" lines in the file. this should indicate what is beig scanned

As far as I know, there is no such log which can show you files scanned by Auto-protect, vpdebug logging will show only files which are scanned during scheduled/on-demand scan, it WILL NOT show files scanned by auto-protect. You can see the files scanned by Auto-Protect as mentioned above SEP GUI--->Virus and Spyware Protection--->Options--->View file system auto-protect statistics..