Solved

How do I stop the scan when Symantec loads at Boot Up?

Posted on 2010-09-16
13
1,160 Views
Last Modified: 2013-12-09
Greetings,
About a month ago, I noticed that my laptop was doing an AntiVirus scan at boot up.  This really dogs the system and it takes up to 10 minutes for it to finish.   I originally set the antivirus up to only load and monitor and had also turned off any administrative or user scheduled scans.  This has worked great for years.
Now, it starts scanning at boot up.

This is the older Symantec Coporate Edition 10.1.0394.  The laptop is a member of a group called LAPTOPS that has settngs to not do a scheduled scan.  AUTOPROTECT is on and the user has no ablitly to end the resident virus protection.

At first I thought some settings had been changed, but I have reviewed the settings and it appears nothing has changed.   I also have confirmed that no viruses are being reported and risk history is blank.  I unistalled the client on my laptop and reinstalled it thinking something was hosed on the laptop, a registry entry or something, that would tell it to do a scan at startup.  It still scans at bootup.  

This was a problem that we experienced when we first installed the product that was solved by setting administrative settings.

So here is my questions.
1) Why is the scan running?
2) Is it possible NAV thinks there is an issue (a virus was detected previously) and is doing a scan for protection?
3) Since the settings say "when file is accessed or  modified" is it possible it is scanning all files that are opening at startup, and if so, why now does it dog the system so after a couple of years of being unoticble?
3) If I change my setting for "Scan files when"  to MODIFIED (scan on Create) does this trully open up a bigger risk of infection?

Also I am running a defrag to insure the files are not fragmented.

Some expert advice on this will be greatly appreciated.
Thanks
Harry
 
0
Comment
Question by:HCSHAW
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33697337
When the computer starts do open the Task Manager and see if you notice file named DoScan.exe. I remember there was some issue earlier with Symantec AntiVirus related to this exe. If it is the same executable then below article might help you:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005042710304248

Sudeep
0
 

Author Comment

by:HCSHAW
ID: 33701221
Thanks for the suggestion.  I do have a later version where that was fixed.  RTVSCAN is the one I find running.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33705312
You could also try HitManPro just to make sure there is nothing which is making Symantec go Amok

32bit
http://dl.surfright.nl/HitmanPro35.exe

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

I hope that would help

Sudeep
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 33705359
Also there is one article on symantec related to this issue you could check

http://www.symantec.com/connect/forums/rtvscanexe-high-memory-usage-sav

Sudeep
0
 

Author Comment

by:HCSHAW
ID: 33705541
Thanks for the links.   I have run Malwarebytes and also ran Hitmanpro since different products find different issues.  Nothing glaring came out.

Ref the Symantec article: I followed the discussion and it seemed to be on the right track but ended up with no solution found.  I did confirm that my registry has the appropriate entry.

0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 33709887
honestly.
 
I would do 2 things.
 
Update sav corp to 10.1.9 or upgrade to sep 11mu6 mp1
 
the version you are running is extreamly old i bet you after doing a windows update your av software started to fail.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:HCSHAW
ID: 33710072
The cost to upgrade has  not been bugeted  for this year.   Last time I got a quote it was pretty expensive.   We continue to get the updates but I understand your point.      
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 33710103
Symantec automatically has a Auto-Generated QuickScan set in the "Startup Scans" section.

When it runs at boot up you will see DoScan.Exe

Although you are unable to kill the scan during excetution, you can delete it from the StartUp Scan section.
0
 

Accepted Solution

by:
HCSHAW earned 0 total points
ID: 33725560
Thanks to all for your input, but none of these have resolved the issue.  I did improve the performance by doing a defrag and will do some more research into possible solutions, for the time being, it is bearable.   The reference to the DOSCAN must be for another version.  All I see is RTVScan running at bootup with our versoin.    I was unable to locate any other place that sets up a scan at bootup besides the already mentioned areas, and they are set to not do a scan.   As to jimmymycp02 point, we are on an older version, and more than likely, better performance will be gained when we move to a newer product.  However that is not an option for us at this time.
0
 
LVL 6

Expert Comment

by:wwakefield
ID: 33728957
One more thing to check is the possibility that numerous or other users have set up unique scans under their profiles.   I am sure you checked the event logs already so you would probably know that.  Sorry it did not work out.
0
 

Author Comment

by:HCSHAW
ID: 33729111
Thanks for the suggestion.  It is a good point that someone could have done something, but in this case it is my dedicated laptop and  I am the only one to use or have access to it.   In reviewing the event logs I found no suspicious entries that would indicate tampering.  I appreciate the brainstorming from all, but some issues are just a real pain, and as with this one, there appears to be no obvious explanation for the behavior.  
0
 
LVL 12

Expert Comment

by:jmlamb
ID: 33730668
This isn't a solution to your problem, but I wanted you to know that if you're currently maintaining your SAVCE licensing, you're automatically eligible to upgrade to SEP at no additional licensing cost (assuming you don't install more clients than you're currently licensed for).
0
 

Author Comment

by:HCSHAW
ID: 33736648
We are not currently maintaining the support licensing but this got me to thinking if we might be entitled for the SEP version.  After researching this it turns out we are entitled to the SEP version since we did have a support contract at the time it was released.   Currently, we do not have a support contract, so we would not be eligible for any future updates unless we purchased a current support contract (1200.00).  I called support and received an upgrade email notification with a code and downloaded the SEP v11.06.  Now the question is, am I brave enough to attempt to implement without a support contract.  I can see this blowing up in my face rather quickly.  I am going to do my homework and see if I want to attempt this, if so, I'll put it on the list of things to do before the end of the year.   If not, I will put in the budget for next year and do it then.  Thanks jmlamb for the nudge.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now