Hello Everyone,
What is Scan: An operation that detects all resources visible to an explorer through either an in-band connection or a device manager. A CommandCentral Storage operator can initiate the scan operation through the Console. A scan is also performed routinely whenever an in-band explorer executes.
SEP 12.1 Advance scan features:
SEPM policies--->Virus and Spyware protection policy---> Edit the policy ---> Administrator defined scans ---> administrator on demand scan settings ---> scan details ---> Advance scanning options
Compressed Files
Number of levels to expand can set to maximum 10, if there are compressed files within compressed files . By default it’s set to 3.
Storage Migration
Option
|
Description
|
Skip offline files
|
Specifies that if the offline bit is set, the Symantec Endpoint Protection client skips the file
A small clock over a file's icon in Windows Explorer indicates that the offline bit is set. Any application can set the offline bit even if the file is not offline.
|
Skip offline and sparse files
|
Specifies that offline and sparse files are skipped
Some applications set the file sparse bit to indicate that part of the file is not present on the disk. Some HSM products set this bit and others don't. With a sparse file, a stub of the file remains on the disk, and the majority of the file is moved to offline storage. This setting is the default.
|
Skip offline and sparse files with a reparse point
|
Specifies that offline and sparse files with a reparse point are skipped
Some vendors use reparse points. Applications that use reparse points also use an appropriate device driver to manage reparse points in the files. With a reparse point, a portion of the file remains on disk, and the remainder is transparently accessed through the device driver.
|
Scan resident portions of offline and sparse files
|
Specifies that if the file is sparse, the Symantec Endpoint Protection client scans only the resident portion
The Symantec Endpoint Protection client identifies resident portions of a file. The nonresident portion remains in secondary storage. Some vendors support this capability.
|
Scan all files, forcing demigration (fills drive)
|
The Symantec Endpoint Protection client scans the entire file, which forces demigration from secondary storage if necessary. Because the size of the secondary storage is usually greater than the size of the local volume, this setting might fill the local volume. When the local volume is full, further files that are opened for scanning might fail.
|
Scan all files without forcing demigration (slow)
|
Specifies that all files are scanned, without forcing demigration
The Symantec Endpoint Protection client copies a file from secondary storage to the local hard drive as a temp file for scanning. The HSM application leaves the original file on the secondary storage.
This method is slow and not all HSM vendors support it. Because a file is copied from secondary storage to a disk for scanning, resource demand is high. Processor and network performance might further degrade as the Symantec Endpoint Protection client detects infected content when a repair or deletion is returned to secondary storage.
|
Scan all files recently touched without forcing demigration
|
Specifies that all files that have been touched recently are scanned, without forcing demigration
This option lets you specify that only the files that have been migrated recently and might still reside on faster secondary storage are scanned. This method can reduce some of the resource demand issues with the Scan all files without forcing demigration option.
You can the scan the files that reside on faster disks, and skip demigration and scans if the files reside on slow disks. For example, files might be migrated to a remote disk after 30 days of no access. After 60 days of no access, the file is migrated to DVD-ROM or remote SAN storage. This method might still be slow because file access without forced demigration can be a slow operation.
If you select this option, you must select the type of access and the number of days to define "recently touched."
|
Open files using backup semantics
|
Specifies that files be opened using backup semantics
In some cases, using this option may allow the Symantec Endpoint Protection client to scan files without demigration. It may also allow the client to scan the stub, but not the rest of the demigrated file.
|
Type of access within the number of days selected
|
If you select Scan all files recently touched without forcing demigration, you must set this option. This option specifies the type of access (Accessed, Modified, or Created) and the number of days to define as "recent."
|
Check this article for more reference: https://www-secure.symantec.com/connect/forums/endpoint-scan-storage-migration-options
Tunning:
By default it's set to Best Application Performance.
Few helpful links:
Setting up scheduled scans that run on Windows computers
http://www.symantec.com/docs/HOWTO55263
Setting up scheduled scans that run on mac computers
http://www.symantec.com/docs/HOWTO55264
Adjusting scans to improve computer performance
http://www.symantec.com/docs/HOWTO55250
Adjusting scans to increase protection on your client computers
http://www.symantec.com/docs/HOWTO55307