Endpoint Protection

 View Only

  • 1.  Scan Engine Scan Error

    Posted Dec 02, 2010 04:54 PM
    I'm receving some Scan Engine 5.2 alerts that I just don't understand. I can't seem to find any documentation for troubleshooting this product either. Here is an example of the alert I'm receiving: The Scan Engine has encountered a scan error Date/time of event = 2010-12-02 14:42:17 Event Severity Level = Error Scanner = Generic Result ID = 6 File name = \\?\UNC\xxx.xxx.xxx.xxx\....\....\*****.bat Client SID = XXXXXXXXXXXXXXXXX Client Computer = XXXXXXX Client IP = xxx.xxx.xxx.xxx Scan Duration (sec) = 0.000 Connect Duration (sec) = 0.010 Scan Engine IP address = xxx.xxx.xxx.xxx Uptime (in seconds) = 261117 All the alerts point to user profiles and these .bat files that are loaded during login for the user (TS environment) I'm clueless as to what this alerts mean. Anyone?


  • 2.  RE: Scan Engine Scan Error

    Posted Dec 02, 2010 08:39 PM

    Cased on this:

    http://service1.symantec.com/SUPPORT/ent-gate.nsf/b4c923834a71aa5988256c8b0079d8a4/b9adbb7172b0155a80256eba0038cf34?OpenDocument

    You're missing a file. You may need to reinstall...



  • 3.  RE: Scan Engine Scan Error

    Posted Dec 03, 2010 07:34 AM

    TRY repairing or re-installing it



  • 4.  RE: Scan Engine Scan Error

    Posted Dec 06, 2010 04:15 PM

    These files are deleted on log off.  I'm not sure how I would resolve this issue... I can't exclude .bat files from being scanned.  Any ideas?

    Basically what's happening is that these bat files are created during a Terminal Service login and then during the log off a script is launched to delete all bat files from that folder.



  • 5.  RE: Scan Engine Scan Error

    Posted Dec 06, 2010 08:22 PM

    You can exclude certain paths if this is the root cause and you're sure that the batch files have passed quality control and would not mess up your PC.

    Do all the IPs hidden above belong to 1 or 2 PCs? Which are similar and which aren't. Just so I'll know which computer is doing the scans on the targeted file.

    Also, get a sample of the batchfile on a USB and scan it there.



  • 6.  RE: Scan Engine Scan Error

    Posted Dec 07, 2010 11:05 AM

    I couldn't find anywhere to create an exclusion like this within the Scan Engine Web Console.

     

    Yes, it's one or two filers however I'd have to use some variables as the path would have the username in it.  Is that possible?



  • 7.  RE: Scan Engine Scan Error

    Posted Dec 07, 2010 07:50 PM

    Try the variable:

    %username%

    It works in DOS. :D



  • 8.  RE: Scan Engine Scan Error

    Posted Dec 08, 2010 06:28 PM

    Mon misunderstood.  He was thinking this was for SEP, not Symantec Scan Engine.

     

    I spoke to symantec support and there is no way you can create a folder level exclusion through Symantec Scan Engine.

    However, there may be a way that it can be done on the NetApp side through vscan.  I will investigate and update.