Endpoint Protection

Is there a way to tell Rtvscan.exe to tell us which files is it opening and why?

According to TaskManager.exe, everyday at a specific hour this process grabs about 20-30% of CPU for about 10min. The I/O reads also go up for that time.

We have no idea why?

There are no processes running that high on CPU or disk I/O at the time.

Is there a way to tell Rtvscan.exe to log in verbose mode what it's trying to do and why.

Our administrator also checked the System Logs on the symantec server and we don't see any disk scans, or other large activities. No activity for that time period.

You can use sysinternals procmon for this ( Process Monitor )
http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx 

Thanks for your reply. I know we can use programs outside of Rtvscan.exe to analyze what is happening.

However, I'd prefer for Rtvscan.exe to tell us what it's doing rather than investigating externally (and possibly missing the real reason).

Is there a way for Rtvscan.exe to say what's doing and why?

VPdebug will tell you about RTVScan's activities, including what files are being scanned.

How to enable "Vpdebug logging" on Symantec Endpoint Protection 11.0

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111516575148

Be aware that this logging is very verbose and log files grow in size very rapidly.

Awesome. This is exactly the information we were looking for.

Hopefully, we can get to the bottom of this.

Thanks for the help!!