When running a manual scan, the scan shows finished immediately with 0 messages scanned. If the scan is editted, the list of mailboxes available is blank.
If a debugview log is generated during service startup per How to Obtain Debug Logs for Symantec Mail Security for Microsoft Exchange (SMSMSE)
Entries similar to the following are written to the log:
Enumerating mailbox store 0: CN=Container name,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Container name,CN=Microsoft Exchange,CN=Container Name,CN=Container Name,DC=Domain controller,DC=Domain Controller,DC=Domain Controller
Debug Trace: HRESULT=0x8007200A - The specified directory service attribute or value does not exist.
Exchange 2007, 2010, 2013 or 2016
The SMSMSE service account does not have read access to the Exchange database object listed in the error above.
Assign all permissions required to the SMSMSE service account per Permissions considerations for the Symantec Mail Security for Microsoft Exchange service account.
If all permissions appear correct per the above document, this is an indication that the Exchange-View Only Organization Management group is not granting read access to the database object listed above as expected.
Manually assign the permission to read the database object to the SMSMSE service account via the Exchange Management Shell
This should allow the SMSMSE service account to read the contents of the mailbox database and build the list of users. Keep in mind that this is a workaround, ultimately the Exchange View-Only Administrators group should grant access to all Exchange databases. It is recommended to troubleshoot the underlying reason the Exchange View-Only Administrators group does not have read access to this database object.