Endpoint Protection

  • 1.  SEP won't scan.. please help

    Posted Jul 27, 2010 03:39 PM
    Hello,

    I have been using SEP for a couple years and have found it very helpful.  I usually run a full scan once a week.  Last week I wasn't able to do it.  I opened SEP and clicked "Scan for Threats", "Full Scan" and nothing seemed to happen, so I repeated the process and SEP prompted me saying that a scan was in progress so this scan would be queued.  After that my computer was running very slowly until I restarted it.  Since then I have tried on a few occasions to do the same thing and have had the same result.

    Now when I open SEP, View Logs, Antivirus and Antispyware Protection, View Logs, Scan Log, it says:


    Started On        Completed         Computer        Status   Total Files   Infected   Logged By
    7/24/2010 16:21                     DUSTIN-LABTOP   Clean    0             0          Manual scan
    7/23/2010 20:06   7/23/2010 20:25   DUSTIN-LABTOP   Clean    483           0          Manual scan
    7/23/2010 19:04   7/23/2010 19:41   DUSTIN-LABTOP   Clean    784           0          Manual scan
    7/23/2010 18:22   7/23/2010 18:54   DUSTIN-LABTOP   Clean    823           0          Manual scan
    7/14/2010 11:59   7/14/2010 13:43   DUSTIN-LABTOP   Clean    474371        0          Manual scan

    The three scans on 7/23/10 were all apparently aborted before completion.  I don't know how to abort the 7/24/10 scan..

    Note that Live Update still seems to work just fine.  SEP says that it is currently quarantining "Trojan.ADH" from a scan on 5/31/10.  Traffic log says that SEP is blocking about 2 incoming threats per minute mostly with severity level 10 (which I guess is minor?)...  I don't know if this is typical or not as I haven't looked at this until this problem began.

    I don't know if these are symptoms of a larger problem or not.  Please advise.

    Thanks in advance!
    Dustin


  • 2.  RE: SEP won't scan.. please help

    Posted Jul 27, 2010 03:58 PM
    Do a repair of SEP from Add/Remove Programs and run the scan again.



  • 3.  RE: SEP won't scan.. please help

    Posted Jul 27, 2010 07:05 PM

    So, after I sent the original message I thought I would try a system restore to before I saw the problem (i.e., a restore point on 7/17, before the eternal 7/24 scan)...  System restore worked, but didn't solve the problem.  Instead, Symantec recognized that something was wrong and gave me the message "File System Auto-Protect is not functioning correctly. Your protection definitions may be damaged or your product installation may be corrupt". 

    Upon taking your advice and doing a repair using Change/remove programs that message went away, but the scan that is running from 7/24/10 is still going.  The log reads:


    Started On        Completed         Computer        Status   Total Files   Infected   Logged By
    7/27/2010 15:48   7/27/2010 15:50   DUSTIN-LABTOP   Clean    350           0          Manual scan
    7/27/2010 14:37   7/27/2010 15:35   DUSTIN-LABTOP   Clean    1069          0          Manual scan
    7/27/2010 13:04   7/27/2010 13:05   DUSTIN-LABTOP   Clean    361           0          Manual scan
    7/24/2010 16:21                     DUSTIN-LABTOP   Clean    0             0          Manual scan
    7/23/2010 20:06   7/23/2010 20:25   DUSTIN-LABTOP   Clean    483           0          Manual scan
    7/23/2010 19:04   7/23/2010 19:41   DUSTIN-LABTOP   Clean    784           0          Manual scan
    7/23/2010 18:22   7/23/2010 18:54   DUSTIN-LABTOP   Clean    823           0          Manual scan
    7/14/2010 11:59   7/14/2010 13:43   DUSTIN-LABTOP   Clean    474371        0          Manual scan

    Upon starting any scan now no window pops up showing progress of the scan and the computer slows way down (presumably due to the scan still going from 7/24/10).

    Also, I checked my Windows firewall and noticed it had been shut off at some point during this fiasco...which makes me think there may indeed be some sort of security breach going on here...  I turned it back on and later it got turned off again.  I immediately put it back up and it's still up. 

    Any more advice?

    Dustin
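
Added example, not written by any poster in this thread and not Symantec tooling: the by-eye reading of the Scan Log in posts 1 and 3, done as a Python triage over the same rows. The whitespace-separated row layout, the rule that the largest completed scan is the full-scan baseline, and the 50% threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the Scan Log rows quoted in post 3, one row per line.
SCAN_LOG = """\
7/27/2010 15:48 7/27/2010 15:50 DUSTIN-LABTOP Clean 350 0 Manual scan
7/27/2010 14:37 7/27/2010 15:35 DUSTIN-LABTOP Clean 1069 0 Manual scan
7/27/2010 13:04 7/27/2010 13:05 DUSTIN-LABTOP Clean 361 0 Manual scan
7/24/2010 16:21   DUSTIN-LABTOP Clean 0 0 Manual scan
7/23/2010 20:06 7/23/2010 20:25 DUSTIN-LABTOP Clean 483 0 Manual scan
7/23/2010 19:04 7/23/2010 19:41 DUSTIN-LABTOP Clean 784 0 Manual scan
7/23/2010 18:22 7/23/2010 18:54 DUSTIN-LABTOP Clean 823 0 Manual scan
7/14/2010 11:59 7/14/2010 13:43 DUSTIN-LABTOP Clean 474371 0 Manual scan
"""

FMT = "%m/%d/%Y %H:%M"
# "Completed" is optional: a scan that never finished has no end timestamp.
ROW = re.compile(
    r"^(?P<start>\d+/\d+/\d+ \d+:\d+)\s+"
    r"(?:(?P<end>\d+/\d+/\d+ \d+:\d+)\s+)?"
    r"(?P<computer>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<files>\d+)\s+(?P<infected>\d+)\s+(?P<logged_by>.+)$"
)

def parse(text):
    """Turn log rows into dicts; lines that do not match the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({
                "start": datetime.strptime(m["start"], FMT),
                "end": datetime.strptime(m["end"], FMT) if m["end"] else None,
                "files": int(m["files"]),
            })
    return rows

def triage(rows, min_ratio=0.5):
    """Label each scan 'stuck' (no end time), 'truncated' (far fewer files
    than the largest completed scan) or 'ok'. min_ratio is an assumed cut-off."""
    baseline = max((r["files"] for r in rows if r["end"]), default=0)
    out = []
    for r in rows:
        if r["end"] is None:
            verdict = "stuck"
        elif r["files"] < min_ratio * baseline:
            verdict = "truncated"
        else:
            verdict = "ok"
        out.append((r["start"].strftime(FMT), r["files"], verdict))
    return out

if __name__ == "__main__":
    for start, files, verdict in triage(parse(SCAN_LOG)):
        print(f"{start}  files={files:<7} {verdict}")
```

A "Clean" status on a stuck or truncated row only covers the files that were actually read, so those rows say nothing about the rest of the disk.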


  • 4.  RE: SEP won't scan.. please help

    Posted Jul 27, 2010 09:52 PM
    Is this a managed client or unmanaged client?

    You can stop the SEP service and try to kill the rtvscan process, then try to start the SEP service; this should stop your scan.

    Also what is the version of the client??


  • 5.  RE: SEP won't scan.. please help

    Posted Jul 28, 2010 04:14 PM
    I disable SEP, open up Windows Task Manager and kill Rtvscan.exe, it goes away, but comes back after about 10 seconds.  This is a personal computer that only runs live update/virus scans when I tell it to.  I guess that makes it unmanaged?

    Also, the version is 11.0.4202.75.

    I'm thinking the best solution might be to completely uninstall and reinstall SEP, but I'm worried about the trojan that it is currently quarantining...  I really want to avoid completely reformatting.

    Let me know if you think uninstalling and reinstalling is a reasonable plan.

    Dustin


  • 6.  RE: SEP won't scan.. please help

    Posted Jul 28, 2010 04:44 PM
    Dustin,

    I completely understand your concern!  If the machine's infected, then you might have a problem reinstalling SEP after uninstalling.

    If you can, try to run a scan from something like the Symantec Endpoint Recovery Tool (which allows you to create a bootable ISO).

    Title: 'How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010041515464348

    What is your OS?

    ETA: The threat that was Quarantined: "Trojan.ADH is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers."

    sandra




  • 7.  RE: SEP won't scan.. please help

    Posted Jul 28, 2010 05:15 PM

    I did try to run the Symantec SEP Support tool, but that didn't turn anything up.  I haven't tried the SEP Recovery Tool yet.  I need to go download it on my other computer and get it on a disc. 

    My OS is XP. 

    I don't know what ETA means...usually "estimated time of arrival"...?  Anyways, that description is disconcerting.  It sounds like SEP won't be able to get rid of it regardless and it's a big security threat.  Should I just consider reformatting to get rid of it for good? 

    Do I run a risk of the virus sticking around if I back up my files on an external hard drive?

    Thanks,
    Dustin




  • 8.  RE: SEP won't scan.. please help
    Best Answer

    Posted Jul 28, 2010 06:37 PM

    Sorry, ETA is "Edited to Add" :)

    If the file is quarantined, then it's rendered inert.  Before going through something as drastic as reformatting the drive, I would look and see what kind of detection found the file, in the logs.  If it was detected by AutoProtect, then it's possible this was intercepted before it had a chance to write to the drive and therefore your machine was not actually infected.

    So the Load Point Analysis portion of the Support Tool did not find anything suspicious?  I can't see your original post in this reply window--did you say you tried scanning while in Safe Mode?

    I was wondering about the OS because if it was Windows 7, then the build you have is not compatible with Windows 7. 

    If you're using PTP, turn up the scanning sensitivity.  :)

    Title: 'Security Response recommendations for Symantec Endpoint Protection settings'
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010020308592948

    If everything is coming up clean and you are not experiencing any other sort of symptoms, then I would try a repair of the SEP client, or remove and reinstall.  (There's also a newer version of SEP, 11.0.6005.  I would update if I were you, if that is a possibility.)

    sandra


  • 9.  RE: SEP won't scan.. please help

    Posted Aug 02, 2010 01:57 PM
    I uninstalled and installed SEP and everything appears ok for now..  It scans just fine and comes up clean (except for some tracking cookies).


  • 10.  RE: SEP won't scan.. please help

    Posted Aug 02, 2010 04:02 PM
    Awesome! =)

    sandra