Event log in Symantec Antivirus Corporate Edition V9.0

Posted on 2006-05-27
Last Modified: 2012-05-05
I am using Symantec Antivirus Corporate Edition V9.0.  Today I noticed that when I look into a folder within the application called event log, it makes notes with exclamation points that a number of files could not be opened or scanned.  There are about sixty notations or events noted.  I will list several of them below so that you understand what I am talking about.

Scan could not open file C:\WINDOWS\system32\drivers\atapi.sys [00000003]
Scan could not open file C:\WINDOWS\system32\config\SECURITY.LOG [00000003]
Could not scan 1 files inside C:\WINDOWS\I386\SOFTBAR.IN_ due to extraction errors encountered by the Decomposer
Scan could not open file C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B4752E9-74E2-4B31-846E-1F98CE7850FC.tmp [00000003]

All of the listed events are "scan omissions".  Because I have several PCs all running Windows XP I checked the event logs on those as well and it is the same thing.  Can anyone tell me if this is normal and if it is normal what does it mean?  Why can't the antivirus program scan these files?  Is there any danger that because these files can't be scanned that I could have a virus lurking in one of those files?  
When I run scans, the program finds viruses on occasion but it has always removed or quaranteend the virus and makes a log of that as well.

Dean Blair
Question by:deanblair1
    LVL 32

    Accepted Solution

    I would say this is normal and nothing to worry about. These are all legit files that could not be accessed because they were in use at the time:

    atapi.sys : disk/cd driver
    security.log : The Security Event Log
    softbar.in_ : Part of the original Windows installation file
    The tmp file: You must have Spy Sweeper running at the same time.

    No, there is no danger that these could be harboring viruses (at least virtually no danger).

    In the case of compressed files (like .zip) Symantec tries to expand them and examine for viruses. In the case of the softbar.in_ file it mistakenly thought thast was compressed, but then could not expand. That is just a mistale on the part of Symantec.

    Author Comment

    Thank you R-k
    LVL 32

    Expert Comment

    Thanks and good luck.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    This video discusses moving either the default database or any database to a new volume.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now