How do I stop the scan when Symantec loads at Boot Up?

Greetings,
About a month ago, I noticed that my laptop was doing an AntiVirus scan at boot up.  This really dogs the system and it takes up to 10 minutes for it to finish.   I originally set the antivirus up to only load and monitor and had also turned off any administrative or user scheduled scans.  This has worked great for years.
Now, it starts scanning at boot up.

This is the older Symantec Coporate Edition 10.1.0394.  The laptop is a member of a group called LAPTOPS that has settngs to not do a scheduled scan.  AUTOPROTECT is on and the user has no ablitly to end the resident virus protection.

At first I thought some settings had been changed, but I have reviewed the settings and it appears nothing has changed.   I also have confirmed that no viruses are being reported and risk history is blank.  I unistalled the client on my laptop and reinstalled it thinking something was hosed on the laptop, a registry entry or something, that would tell it to do a scan at startup.  It still scans at bootup.  

This was a problem that we experienced when we first installed the product that was solved by setting administrative settings.

So here is my questions.
1) Why is the scan running?
2) Is it possible NAV thinks there is an issue (a virus was detected previously) and is doing a scan for protection?
3) Since the settings say "when file is accessed or  modified" is it possible it is scanning all files that are opening at startup, and if so, why now does it dog the system so after a couple of years of being unoticble?
3) If I change my setting for "Scan files when"  to MODIFIED (scan on Create) does this trully open up a bigger risk of infection?

Also I am running a defrag to insure the files are not fragmented.

Some expert advice on this will be greatly appreciated.
Thanks
Harry
 
HCSHAWAsked:
Who is Participating?
 
HCSHAWConnect With a Mentor Author Commented:
Thanks to all for your input, but none of these have resolved the issue.  I did improve the performance by doing a defrag and will do some more research into possible solutions, for the time being, it is bearable.   The reference to the DOSCAN must be for another version.  All I see is RTVScan running at bootup with our versoin.    I was unable to locate any other place that sets up a scan at bootup besides the already mentioned areas, and they are set to not do a scan.   As to jimmymycp02 point, we are on an older version, and more than likely, better performance will be gained when we move to a newer product.  However that is not an option for us at this time.
0
 
Sudeep SharmaTechnical DesignerCommented:
When the computer starts do open the Task Manager and see if you notice file named DoScan.exe. I remember there was some issue earlier with Symantec AntiVirus related to this exe. If it is the same executable then below article might help you:

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005042710304248

Sudeep
0
 
HCSHAWAuthor Commented:
Thanks for the suggestion.  I do have a later version where that was fixed.  RTVSCAN is the one I find running.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Sudeep SharmaTechnical DesignerCommented:
You could also try HitManPro just to make sure there is nothing which is making Symantec go Amok

32bit
http://dl.surfright.nl/HitmanPro35.exe

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

I hope that would help

Sudeep
0
 
Sudeep SharmaTechnical DesignerCommented:
Also there is one article on symantec related to this issue you could check

http://www.symantec.com/connect/forums/rtvscanexe-high-memory-usage-sav

Sudeep
0
 
HCSHAWAuthor Commented:
Thanks for the links.   I have run Malwarebytes and also ran Hitmanpro since different products find different issues.  Nothing glaring came out.

Ref the Symantec article: I followed the discussion and it seemed to be on the right track but ended up with no solution found.  I did confirm that my registry has the appropriate entry.

0
 
jimmymcp02Commented:
honestly.
 
I would do 2 things.
 
Update sav corp to 10.1.9 or upgrade to sep 11mu6 mp1
 
the version you are running is extreamly old i bet you after doing a windows update your av software started to fail.
0
 
HCSHAWAuthor Commented:
The cost to upgrade has  not been bugeted  for this year.   Last time I got a quote it was pretty expensive.   We continue to get the updates but I understand your point.      
0
 
wwakefieldCommented:
Symantec automatically has a Auto-Generated QuickScan set in the "Startup Scans" section.

When it runs at boot up you will see DoScan.Exe

Although you are unable to kill the scan during excetution, you can delete it from the StartUp Scan section.
0
 
wwakefieldCommented:
One more thing to check is the possibility that numerous or other users have set up unique scans under their profiles.   I am sure you checked the event logs already so you would probably know that.  Sorry it did not work out.
0
 
HCSHAWAuthor Commented:
Thanks for the suggestion.  It is a good point that someone could have done something, but in this case it is my dedicated laptop and  I am the only one to use or have access to it.   In reviewing the event logs I found no suspicious entries that would indicate tampering.  I appreciate the brainstorming from all, but some issues are just a real pain, and as with this one, there appears to be no obvious explanation for the behavior.  
0
 
jmlambTechnical Account ManagerCommented:
This isn't a solution to your problem, but I wanted you to know that if you're currently maintaining your SAVCE licensing, you're automatically eligible to upgrade to SEP at no additional licensing cost (assuming you don't install more clients than you're currently licensed for).
0
 
HCSHAWAuthor Commented:
We are not currently maintaining the support licensing but this got me to thinking if we might be entitled for the SEP version.  After researching this it turns out we are entitled to the SEP version since we did have a support contract at the time it was released.   Currently, we do not have a support contract, so we would not be eligible for any future updates unless we purchased a current support contract (1200.00).  I called support and received an upgrade email notification with a code and downloaded the SEP v11.06.  Now the question is, am I brave enough to attempt to implement without a support contract.  I can see this blowing up in my face rather quickly.  I am going to do my homework and see if I want to attempt this, if so, I'll put it on the list of things to do before the end of the year.   If not, I will put in the budget for next year and do it then.  Thanks jmlamb for the nudge.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.