Not a real solution, as a workaround I have disabled the "realtime scanning" enabled check for Norton.

This is most cases is a bug on the hostscan software. Probably came about with the new version of Norton. I would suggest opening a TAC case with the debug dap trace and DART ( with hostscan logging set to debugging) as outputs to the TAC engineer. I could not find an open bug for this issue yet. 

Thanks for the quick response.  I thought about doing the same but when I checked her laptop, Norton was disabled and there was no antivirus active.  Made me a little nervous.  I will open a TAC case. 

I opened a ticket and it took a while to convince him there is a bug with Norton but he eventually got there.  Here is his final response:

Problem Description:

=================

Hostscan Antivirus End Point Norton activescan=internalerror

Resolution:

=========

-Checked and reviewed config for DAP for VPN.

-Found Machine running Norton Security 22.12.0.104.

-Informed Nancy that the there is an internal Bug for the error received for this DAP.

Do you have the Cisco bug id provided by the TAC engineer? I would add that to the thread here so that anyone else searching for the same fix can reference that.

I asked, here is his response:

Hi Nancy,

 The Bug is an Internal one and cannot be shared.

 However, I have already attached it to the case for any cisco employee visibility.

That is a really really stupid response from TAC !! This bug clearly should not be internal only as you (a customer) are hitting this issue.

Since the TAC engineer has attached the bug to your case, you can actually go to your case on Support Case Manager and find the bug id in the Case summary section.

LOL!  I gave up years ago trying to talk sense into TAC.  I told him the exact problem with debugs and an hour later he put me on hold and came back and said this a bug relating to the latest version of Norton.  My response was...Ohhh, I see.  :)

Bug:  CSCuz85109 (Insufficient Permissions to View Bug)

TAC has really gone downhill the last few years IMO. Whenever I open a case I always include a "show tech", logs showing the issue etc. and the first question/request I get from every tech is "please send me a show tech and describe the problem"

This is the reason I started this post in the first place, TAC was clueless when I opened a ticket so I turned to the community.

Has anyone had any updates or luck in resolving this? I opened a TAC case today but have not spoken with Cisco yet.

What version of hostscan are you running?  A new version was released on 3/7 4.3.05050.  I had a workaround in place that I have not yet removed so I am not sure if this fixes it, but the new Norton version is now listed as supported whereas it was not before.  

hostscan_4.3.05038-k9.pkg so it looks like I am one behind......the initial response from TAC case I opened today was that it is not fixed yet and he was checking with peers for workarounds or status.