Endpoint Protection

  • 1.  Rtvscan.exe scanning all c:\users\XXX\ntuser.dat endlessly

    Posted Aug 30, 2011 03:06 PM

    So we are using SEP 11.0.6300.803 and on our machines we have 100s of profiles. Rtvscan.exe is scanning all ntuser.dat profiles all the time. It completely kills disk performance and disk queue hangs around 5 all the time. We have watched this happen for hours on end.

    Thoughts on what is going on here?



  • 2.  RE: Rtvscan.exe scanning all c:\users\XXX\ntuser.dat endlessly

    Posted Aug 30, 2011 07:51 PM
    All those profiles will be scanned. You may want to set an exclusion on this.


  • 3.  RE: Rtvscan.exe scanning all c:\users\XXX\ntuser.dat endlessly

    Trusted Advisor
    Posted Aug 31, 2011 06:15 AM

    Hello,

    Could you try and see if an exclusion of the NTUSER.DAT file from scanning helps to temporarily work around the issue?

    http://www.symantec.com/docs/HOWTO18217

    Add the exclusion as follows: %userprofile%\ntuser.dat

    Hope that resolves the issue.



  • 4.  RE: Rtvscan.exe scanning all c:\users\XXX\ntuser.dat endlessly

    Posted Aug 31, 2011 08:54 AM

    While I haven't done this yet, it has crossed my mind. However, I am reluctant to take this as a solution. I am more interested in the root of this problem and not a quick workaround, since this isn't happening on all our machines but a select number from a certain group of computers. I am in the middle of a reinstall to see if the issue comes back.



  • 5.  RE: Rtvscan.exe scanning all c:\users\XXX\ntuser.dat endlessly

    Posted Sep 02, 2011 11:03 AM

    I added the "DAT" to the extension exclusion list and yes that does fix the issue. Still looking for thoughts on why this is happening. It appears to be this way on about 10 machines out of 500. 



  • 6.  RE: Rtvscan.exe scanning all c:\users\XXX\ntuser.dat endlessly

    Posted Feb 28, 2012 04:25 PM

    JustusIV - did you find anything about this issue?

    I'm working with 2 Terminal Services (Win 2008) servers and one of them is scanning the ntuser.dat continuously.

    I've been dealing with performance issues on these servers that I can't pin down and recently I've made some adjustments as suggested in this article:

    http://www.symantec.com/business/support/index?page=content&id=TECH91070&locale=en_US

    specifically disabling the SMCGUI and adding exceptions. I'm not sure if this had anything to do with the rtvscans but I ended up adding an exception to the ntuser.dat as suggested here. I've only made the changes on one of the servers to compare. I'd be curious to find out why Symantec is scanning these files so much.

    In addition, we had sporadic user logon lockups on the TS servers (user logs on and profile never loads, just spins) and reading other forums about this issue suggests that this may be the case (still need to investigate on my end, but the pieces are starting to fall in place).