Scheduled/Manual scan takes a long time to complete on a machine with an active Application and Device Control policy

Article Id: 177989

Status: Published

Updated On: 08-11-2011 08:49

Legacy Id: TECH96797

Products:

Endpoint Protection

Issue/Introduction:

Scheduled/Manual scans take a long time to complete on a machine with an active Application and Device Control policy. You have already fine tuned the scanning options but scans continue to take a long time to complete.

The Symantec Endpoint Protection control log contains a large number of entries after a manual or scheduled scan started or completed.

Cause:

An active Application and Device Control policy is assigned to the affected client(s) that is configured/setup to monitor file-activity. For example:

Whenever DOC, XLS, PPT, PDF files are accessed, you configured the Application Control policy to log the access.
Whenever an EXE file is launched, you configured the Application Control policy to log the launch.

The result of this policy is that when you run a Full or Manual scan SEP will generate a large number of log entries in its local Control log. For example:

13:19:56            File_Access(Local)_File_Write    1824     C:\Program  Files\Symantec AntiVirus\Rtvscan.exe          0          No Module Name     c:\documents\Policy.doc  Default SYSTEM           A Company

Resolution:

For each of the applicable rules that generate to much log-traffic during a scan, you should exclude "rtvscan.exe" from being monitored by adding it to the field "Do not apply this rule to the following processes". Other exclusions or exceptions for other processes may be applicable for this type of rule.

Applies To

You are running a managed Symantec Endpoint Protection client with an active Application and Device Control policy.