Solved

Event log in Symantec Antivirus Corporate Edition V9.0

Posted on 2006-05-27
Last Modified: 2012-05-05
I am using Symantec Antivirus Corporate Edition V9.0.  Today I noticed that when I look into a folder within the application called event log, it makes notes with exclamation points that a number of files could not be opened or scanned.  There are about sixty notations or events noted.  I will list several of them below so that you understand what I am talking about.

Scan could not open file C:\WINDOWS\system32\drivers\atapi.sys [00000003]
Scan could not open file C:\WINDOWS\system32\config\SECURITY.LOG [00000003]
Could not scan 1 files inside C:\WINDOWS\I386\SOFTBAR.IN_ due to extraction errors encountered by the Decomposer
Scan could not open file C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B4752E9-74E2-4B31-846E-1F98CE7850FC.tmp [00000003]

All of the listed events are "scan omissions".  Because I have several PCs all running Windows XP I checked the event logs on those as well and it is the same thing.  Can anyone tell me if this is normal and if it is normal what does it mean?  Why can't the antivirus program scan these files?  Is there any danger that because these files can't be scanned that I could have a virus lurking in one of those files?  
When I run scans, the program finds viruses on occasion but it has always removed or quarantined the virus and makes a log of that as well.

Sincerely,
Dean Blair
Question by:deanblair1
Accepted Solution

by:
r-k earned 2000 total points
ID: 16775720
I would say this is normal and nothing to worry about. These are all legit files that could not be accessed because they were in use at the time:

atapi.sys : disk/cd driver
security.log : The Security Event Log
softbar.in_ : Part of the original Windows installation file
The tmp file: You must have Spy Sweeper running at the same time.

No, there is no danger that these could be harboring viruses (at least virtually no danger).

In the case of compressed files (like .zip) Symantec tries to expand them and examine for viruses. In the case of the softbar.in_ file it mistakenly thought that was compressed, but then could not expand. That is just a mistake on the part of Symantec.
0
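With about sixty omissions per PC, the explanations in the answer above can be applied mechanically. The following is an added example, not part of the original thread or of any Symantec tool: it parses the two message formats quoted in the question and separates omissions that match the answer's explanations from those worth a manual look. The path patterns and the final sample line (`setup.exe`) are assumptions made for illustration.

```python
import re

# Constructed sample: the four lines quoted in the question plus one made-up line.
SAMPLE_LOG = r"""Scan could not open file C:\WINDOWS\system32\drivers\atapi.sys [00000003]
Scan could not open file C:\WINDOWS\system32\config\SECURITY.LOG [00000003]
Could not scan 1 files inside C:\WINDOWS\I386\SOFTBAR.IN_ due to extraction errors encountered by the Decomposer
Scan could not open file C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B4752E9-74E2-4B31-846E-1F98CE7850FC.tmp [00000003]
Scan could not open file C:\Documents and Settings\User\Desktop\setup.exe [00000003]
"""

OPEN_RE = re.compile(r"Scan could not open file (?P<path>.+) \[(?P<code>[0-9A-Fa-f]{8})\]$")
DECOMP_RE = re.compile(r"Could not scan (?P<count>\d+) files? inside (?P<path>.+) "
                       r"due to extraction errors encountered by the Decomposer$")

# Assumption: patterns generalising the answer's explanations, not a vendor list.
EXPECTED = [(re.compile(p, re.I), why) for p, why in [
    (r"\\system32\\drivers\\[^\\]+\.sys$", "driver in use by Windows"),
    (r"\\system32\\config\\", "event log / registry file in use by Windows"),
    (r"\\I386\\[^\\]+\.\w\w_$", "Windows installation file, not a real archive"),
    (r"\\Temp\\[^\\]+\.tmp$", "temp file in use by another running program"),
]]

def parse_omissions(text):
    """Return one dict per scan-omission line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            events.append({"kind": "open_failed", "path": m["path"], "code": m["code"]})
            continue
        m = DECOMP_RE.match(line)
        if m:
            events.append({"kind": "decomposer", "path": m["path"], "count": int(m["count"])})
    return events

def triage(events):
    """Split events into (explained, review): review holds unexplained paths."""
    explained, review = [], []
    for ev in events:
        reason = next((why for pat, why in EXPECTED if pat.search(ev["path"])), None)
        if reason:
            explained.append((ev["path"], reason))
        else:
            review.append(ev["path"])
    return explained, review

if __name__ == "__main__":
    print(triage(parse_omissions(SAMPLE_LOG)))
```

Paths that land in the review list are the ones to rescan with the owning application closed, since nothing in the answer accounts for them.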
 

Author Comment

by:deanblair1
ID: 16776596
Thank you R-k

Expert Comment

by:r-k
ID: 16777899
Thanks and good luck.