Solved

How do I stop the scan when Symantec loads at Boot Up?

Posted on 2010-09-16
13
1,168 Views
Last Modified: 2013-12-09
Greetings,
About a month ago, I noticed that my laptop was doing an AntiVirus scan at boot up.  This really dogs the system and it takes up to 10 minutes for it to finish.   I originally set the antivirus up to only load and monitor and had also turned off any administrative or user scheduled scans.  This has worked great for years.
Now, it starts scanning at boot up.

This is the older Symantec Coporate Edition 10.1.0394.  The laptop is a member of a group called LAPTOPS that has settngs to not do a scheduled scan.  AUTOPROTECT is on and the user has no ablitly to end the resident virus protection.

At first I thought some settings had been changed, but I have reviewed the settings and it appears nothing has changed.   I also have confirmed that no viruses are being reported and risk history is blank.  I unistalled the client on my laptop and reinstalled it thinking something was hosed on the laptop, a registry entry or something, that would tell it to do a scan at startup.  It still scans at bootup.  

This was a problem that we experienced when we first installed the product that was solved by setting administrative settings.

So here is my questions.
1) Why is the scan running?
2) Is it possible NAV thinks there is an issue (a virus was detected previously) and is doing a scan for protection?
3) Since the settings say "when file is accessed or  modified" is it possible it is scanning all files that are opening at startup, and if so, why now does it dog the system so after a couple of years of being unoticble?
3) If I change my setting for "Scan files when"  to MODIFIED (scan on Create) does this trully open up a bigger risk of infection?

Also I am running a defrag to insure the files are not fragmented.

Some expert advice on this will be greatly appreciated.
Thanks
Harry
 
0
Comment
Question by:HCSHAW
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33697337
When the computer starts do open the Task Manager and see if you notice file named DoScan.exe. I remember there was some issue earlier with Symantec AntiVirus related to this exe. If it is the same executable then below article might help you:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005042710304248

Sudeep
0
 

Author Comment

by:HCSHAW
ID: 33701221
Thanks for the suggestion.  I do have a later version where that was fixed.  RTVSCAN is the one I find running.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33705312
You could also try HitManPro just to make sure there is nothing which is making Symantec go Amok

32bit
http://dl.surfright.nl/HitmanPro35.exe

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

I hope that would help

Sudeep
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33705359
Also there is one article on symantec related to this issue you could check

http://www.symantec.com/connect/forums/rtvscanexe-high-memory-usage-sav

Sudeep
0
 

Author Comment

by:HCSHAW
ID: 33705541
Thanks for the links.   I have run Malwarebytes and also ran Hitmanpro since different products find different issues.  Nothing glaring came out.

Ref the Symantec article: I followed the discussion and it seemed to be on the right track but ended up with no solution found.  I did confirm that my registry has the appropriate entry.

0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 33709887
honestly.
 
I would do 2 things.
 
Update sav corp to 10.1.9 or upgrade to sep 11mu6 mp1
 
the version you are running is extreamly old i bet you after doing a windows update your av software started to fail.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:HCSHAW
ID: 33710072
The cost to upgrade has  not been bugeted  for this year.   Last time I got a quote it was pretty expensive.   We continue to get the updates but I understand your point.      
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 33710103
Symantec automatically has a Auto-Generated QuickScan set in the "Startup Scans" section.

When it runs at boot up you will see DoScan.Exe

Although you are unable to kill the scan during excetution, you can delete it from the StartUp Scan section.
0
 

Accepted Solution

by:
HCSHAW earned 0 total points
ID: 33725560
Thanks to all for your input, but none of these have resolved the issue.  I did improve the performance by doing a defrag and will do some more research into possible solutions, for the time being, it is bearable.   The reference to the DOSCAN must be for another version.  All I see is RTVScan running at bootup with our versoin.    I was unable to locate any other place that sets up a scan at bootup besides the already mentioned areas, and they are set to not do a scan.   As to jimmymycp02 point, we are on an older version, and more than likely, better performance will be gained when we move to a newer product.  However that is not an option for us at this time.
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 33728957
One more thing to check is the possibility that numerous or other users have set up unique scans under their profiles.   I am sure you checked the event logs already so you would probably know that.  Sorry it did not work out.
0
 

Author Comment

by:HCSHAW
ID: 33729111
Thanks for the suggestion.  It is a good point that someone could have done something, but in this case it is my dedicated laptop and  I am the only one to use or have access to it.   In reviewing the event logs I found no suspicious entries that would indicate tampering.  I appreciate the brainstorming from all, but some issues are just a real pain, and as with this one, there appears to be no obvious explanation for the behavior.  
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 33730668
This isn't a solution to your problem, but I wanted you to know that if you're currently maintaining your SAVCE licensing, you're automatically eligible to upgrade to SEP at no additional licensing cost (assuming you don't install more clients than you're currently licensed for).
0
 

Author Comment

by:HCSHAW
ID: 33736648
We are not currently maintaining the support licensing but this got me to thinking if we might be entitled for the SEP version.  After researching this it turns out we are entitled to the SEP version since we did have a support contract at the time it was released.   Currently, we do not have a support contract, so we would not be eligible for any future updates unless we purchased a current support contract (1200.00).  I called support and received an upgrade email notification with a code and downloaded the SEP v11.06.  Now the question is, am I brave enough to attempt to implement without a support contract.  I can see this blowing up in my face rather quickly.  I am going to do my homework and see if I want to attempt this, if so, I'll put it on the list of things to do before the end of the year.   If not, I will put in the budget for next year and do it then.  Thanks jmlamb for the nudge.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dropbox,Google Drive cloud system protection 2 72
Ransome Ware Question 10 138
antivirus on mac 8 73
Antivirus - Webroot vs Symantec? 6 104
12 Steps to a more secure Internet experience (http://tekblog.teksquisite.com/) Everyone who is a licensed driver initially had to pass a driving test that consisted of taking:    1. a written test    2. a road test    3. a vision test Le…
PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now