Solved

How do I stop the scan when Symantec loads at Boot Up?

Posted on 2010-09-16
13
Medium Priority
1,195 Views
Last Modified: 2013-12-09
Greetings,
About a month ago, I noticed that my laptop was doing an AntiVirus scan at boot up.  This really dogs the system and it takes up to 10 minutes for it to finish.   I originally set the antivirus up to only load and monitor and had also turned off any administrative or user scheduled scans.  This has worked great for years.
Now, it starts scanning at boot up.

This is the older Symantec Corporate Edition 10.1.0394. The laptop is a member of a group called LAPTOPS that has settings to not do a scheduled scan. AUTOPROTECT is on and the user has no ability to end the resident virus protection.

At first I thought some settings had been changed, but I have reviewed the settings and it appears nothing has changed. I also have confirmed that no viruses are being reported and risk history is blank. I uninstalled the client on my laptop and reinstalled it thinking something was hosed on the laptop, a registry entry or something, that would tell it to do a scan at startup. It still scans at bootup.

This was a problem that we experienced when we first installed the product that was solved by setting administrative settings.

So here are my questions.
1) Why is the scan running?
2) Is it possible NAV thinks there is an issue (a virus was detected previously) and is doing a scan for protection?
3) Since the settings say "when file is accessed or modified", is it possible it is scanning all files that are opening at startup, and if so, why now does it dog the system so after a couple of years of being unnoticeable?
4) If I change my setting for "Scan files when" to MODIFIED (scan on Create), does this truly open up a bigger risk of infection?

Also I am running a defrag to ensure the files are not fragmented.

Some expert advice on this will be greatly appreciated.
Thanks
Harry
 
Question by:HCSHAW
13 Comments
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33697337
When the computer starts, open the Task Manager and see if you notice a file named DoScan.exe. I remember there was some issue earlier with Symantec AntiVirus related to this exe. If it is the same executable, then the article below might help you:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005042710304248

Sudeep
0
 

Author Comment

by:HCSHAW
ID: 33701221
Thanks for the suggestion.  I do have a later version where that was fixed.  RTVSCAN is the one I find running.
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33705312
You could also try HitManPro just to make sure there is nothing which is making Symantec go amok.

32bit
http://dl.surfright.nl/HitmanPro35.exe

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

I hope that would help

Sudeep
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33705359
Also, there is one article on Symantec related to this issue that you could check:

http://www.symantec.com/connect/forums/rtvscanexe-high-memory-usage-sav

Sudeep
0
 

Author Comment

by:HCSHAW
ID: 33705541
Thanks for the links.   I have run Malwarebytes and also ran Hitmanpro since different products find different issues.  Nothing glaring came out.

Ref the Symantec article: I followed the discussion and it seemed to be on the right track but ended up with no solution found.  I did confirm that my registry has the appropriate entry.

0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 33709887
Honestly, I would do 2 things.

Update SAV Corp to 10.1.9 or upgrade to SEP 11mu6 mp1.

The version you are running is extremely old. I bet you after doing a Windows update your AV software started to fail.
0
 

Author Comment

by:HCSHAW
ID: 33710072
The cost to upgrade has not been budgeted for this year. Last time I got a quote it was pretty expensive. We continue to get the updates but I understand your point.
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 33710103
Symantec automatically has an Auto-Generated QuickScan set in the "Startup Scans" section.

When it runs at boot up you will see DoScan.exe.

Although you are unable to kill the scan during execution, you can delete it from the Startup Scans section.
0
 

Accepted Solution

by:
HCSHAW earned 0 total points
ID: 33725560
Thanks to all for your input, but none of these have resolved the issue. I did improve the performance by doing a defrag and will do some more research into possible solutions; for the time being, it is bearable. The reference to the DOSCAN must be for another version. All I see is RTVScan running at bootup with our version. I was unable to locate any other place that sets up a scan at bootup besides the already mentioned areas, and they are set to not do a scan. As to jimmymcp02's point, we are on an older version, and more than likely, better performance will be gained when we move to a newer product. However, that is not an option for us at this time.
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 33728957
One more thing to check is the possibility that numerous or other users have set up unique scans under their profiles.   I am sure you checked the event logs already so you would probably know that.  Sorry it did not work out.
0
 

Author Comment

by:HCSHAW
ID: 33729111
Thanks for the suggestion.  It is a good point that someone could have done something, but in this case it is my dedicated laptop and  I am the only one to use or have access to it.   In reviewing the event logs I found no suspicious entries that would indicate tampering.  I appreciate the brainstorming from all, but some issues are just a real pain, and as with this one, there appears to be no obvious explanation for the behavior.  
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 33730668
This isn't a solution to your problem, but I wanted you to know that if you're currently maintaining your SAVCE licensing, you're automatically eligible to upgrade to SEP at no additional licensing cost (assuming you don't install more clients than you're currently licensed for).
0
 

Author Comment

by:HCSHAW
ID: 33736648
We are not currently maintaining the support licensing but this got me to thinking if we might be entitled for the SEP version. After researching this it turns out we are entitled to the SEP version since we did have a support contract at the time it was released. Currently, we do not have a support contract, so we would not be eligible for any future updates unless we purchased a current support contract (1200.00). I called support and received an upgrade email notification with a code and downloaded the SEP v11.06. Now the question is, am I brave enough to attempt to implement without a support contract? I can see this blowing up in my face rather quickly. I am going to do my homework and see if I want to attempt this; if so, I'll put it on the list of things to do before the end of the year. If not, I will put it in the budget for next year and do it then. Thanks jmlamb for the nudge.
0
