The Symantec Endpoint Protection client for Windows may be configured to run an Active Scan when new definitions arrive, but this Active Scan does not appear to starting as expected.

Endpoint Protection logs show entries for definition updates, but there are no "Defwatch QuickScan" entries that would normally follow such updates.

This may be due to a missing short file name for one of the Defwatch QuickScan DLLs (dwLdPntScan.dll). This can happen if 8.3 file name creation was disabled when SEP was installed.

 

This has been fixed in SEP 12.1 RU6 MP3 so the installer uses long filenames only, in the related registry values.

A work-around is to rename the following registry value name on SEP clients from "DWLDPN~1.DLL" to "dwLdPntScan.dll":
32-bit systems: HKLM\SOFTWARE\Symantec\SharedDefs\DefWatch\Handlers\DWLDPN~1.DLL
64-bit systems: HKLM\SOFTWARE\Wow6432Node\Symantec\SharedDefs\DefWatch\Handlers\DWLDPN~1.DLL