Endpoint Protection

 View Only

  • 1.  Scripting: How to detect when a scan is done?

    Posted Apr 17, 2013 09:06 PM

    I want to run a series of maintenance actions in the middle of the night, using Wake On LAN to turn on machines, run a script of things to do, and then turn off the target machine when the tasks are complete. This includes things like full-disk defragmenting, which can take a long time.

    One of the tasks I want to do is run a full antivirus scan in the middle of the night so that users are never inconvenienced with slow performance due to the full scan or startup scan running during the daytime hours.

    ,

    I do see that you can run a scan from the command line using "DoScan.exe" but it doesn't wait for the job to complete, but instead DoScan.exe immediately exits and runs the job in the background.

    I want to do a "foreground scan" from the command line so that the prompt doesn't return until the task is done, so that a script can then run  "shutdown /s /t 60" following the scan.

     



  • 2.  RE: Scripting: How to detect when a scan is done?

    Posted Apr 18, 2013 02:20 AM

    I do see that you can run a scan from the command line using "DoScan.exe" but it doesn't wait for the job to complete, but instead DoScan.exe immediately exits and runs the job in the background.

    - This is expected behaviour as doscan.exe is not a AV scanner itself but only a binary calling the SEP AV Scan

    - What SEP version are you running? In SEP 11.x the very scan process will be Rtvscan.exe for example

    - after scan is finished the AV Scan logs will be updated with relevant entries- found under following location:

    C:\Programdata\Symantec\Symantec Endpoint Protection\[SEP Version]\Data\Logs\AV\



  • 3.  RE: Scripting: How to detect when a scan is done?

    Posted Apr 22, 2013 09:56 AM

    This is SEP 11.x

    It does not help that "the logs will be updated". I need a scripted way to know if the scan is currently in progress, done, canceled, etc.

    Also RTVSCAN.exe never appears to actually close so monitoring for the existence of this process won't tell me anything about scanning progress or completion.



  • 4.  RE: Scripting: How to detect when a scan is done?

    Posted Apr 22, 2013 10:29 AM

    schedule a admin scan at that time.

    if you see ccschst.exe running then scan in progress or you can enbale the loggin , check to see if that completes the scan

    http://www.symantec.com/business/support/index?page=content&id=TECH103126



  • 5.  RE: Scripting: How to detect when a scan is done?

    Posted Apr 22, 2013 02:28 PM

    I know you are looking for something a little more accurate than this but you could just use a sleeptime.  AKA if you are using powershell Start-Sleep -seconds 360 

    Or you could read the logs with your script to see when it finishes.