8 Replies Latest reply on Sep 23, 2009 11:00 AM by JonKeo

    Questions about Anti-Malware

    Apprentice

      Is there a log which is created that details what's occurring during an anti-malware scan?

       

      I ask because I have been scanning a workstation that had malware on it and it wasn't finding or cleaning it.  I used another anti-malware scanner which, while scanning the drive, triggered alerts from the anti-virus.

       

      This leads me to believe that maybe the anti-malware scanner really wasn't scanning all files and folders.

       

      Any suggestions on how I can confirm my scans are scanning and searching all files?

       

      Thanks!

       

      Jonathan

        • 1. Re: Questions about Anti-Malware
          LANDave SupportEmployee

          The log that details the scanning activity is the AVService_Channel.log in the following location:

           

          XP/2003: C:\Documents and Settings\All Users\Application Data\LANDeskAV

          Vista/Server 2008: C:\ProgramData\LANDeskAV

          • 2. Re: Questions about Anti-Malware
            Expert

            You might also look in the vulscan log. If you are running the Spyware scan, it is logging to the vulscan.log

            You will find an entry for each spyware vulnerability that is in the scan folder.

             

            XP/2003: C:\Documents and Settings\All Users\Application Data\Vulscan

            Vista/Server 2008: C:\ProgramData\Vulscan

            • 3. Re: Questions about Anti-Malware
              Apprentice

              Thanks Aaron,

               

              I researched the log and couldn't find the entries you spoke of.  We download and install all new Anti-Malware so I assumed I would find lots of entries.  I did obviously find lots of Microsoft entries.  I attached a copy of my Vulscan log if you thought you could easily find it for me so I can find it next time.

              • 4. Re: Questions about Anti-Malware
                LANDave SupportEmployee

                Ahh, my apologies.   I thought you were talking about LANDesk Antivirus, but you are indeed talking about the LANDesk anti-spyware.

                 

                My mistake.

                • 5. Re: Questions about Anti-Malware
                  Expert

                  On the off chance that you are still looking at this problem: I looked at the log, and this scan didn't do a Spyware scan. The most likely cause of this is that the Scan and repair setting you are using doesn't have Spyware selected.

                  • 6. Re: Questions about Anti-Malware
                    Rookie

                    How can we confirm we have it set up correctly (Jon's co-worker here)? We followed the guide that was provided at http://community.landesk.com/support/docs/DOC-5106 however it seems there is something we are still missing?

                     

                    As mentioned, do we need to adjust the Scan and Repair settings for the agent to include spyware? We are hesitant to do so only because of the performance impact being seen on workstations. Thank you.

                    • 7. Re: Questions about Anti-Malware
                      Expert

                      I just want to wrap up this thread with the answer to the post above.

                       

                      The article you followed will enable the real time scan on the clients. The log for the real time Spyware scan is called softmon.exe. It is located in the same location as the vulscan logs, which is:

                      XP/2003: C:\Documents and Settings\All Users\Application Data\Vulscan

                      Vista/Server 2008: C:\ProgramData\Vulscan

                       

                      You need to be careful with just having the realtime scan enabled but not doing the Full Spyware scan from the Scan and repair settings. This is because the only way you can currently get the updated Spyware defs is to run a Full Spyware scan. So if you only have the realtime running you will not be scanning using the current definitions.

                      • 8. Re: Questions about Anti-Malware
                        Apprentice

                        Aaron,

                         

                        I just wanted to add that when I started this thread I was unaware I could view the results in the reports section.  By researching the reports I found most of what I was looking for there.