Endpoint Protection

 View Only

SEP 12.1 and Advance Scanning 

Sep 07, 2012 12:31 PM

Hello Everyone,

What is Scan: An operation that detects all resources visible to an explorer through either an in-band connection or a device manager. A CommandCentral Storage operator can initiate the scan operation through the Console. A scan is also performed routinely whenever an in-band explorer executes.

SEP 12.1 Advance scan features:

SEPM policies--->Virus and Spyware protection policy---> Edit the policy ---> Administrator defined scans ---> administrator on demand scan settings ---> scan details ---> Advance scanning options

Compressed Files

Number of levels to expand can set to maximum 10, if there are compressed files within compressed files . By default it’s set to 3.

Storage Migration

Option

Description

 

Skip offline files

Specifies that if the offline bit is set, the Symantec Endpoint Protection client skips the file

A small clock over a file's icon in Windows Explorer indicates that the offline bit is set. Any application can set the offline bit even if the file is not offline.

 

Skip offline and sparse files

Specifies that offline and sparse files are skipped

Some applications set the file sparse bit to indicate that part of the file is not present on the disk. Some HSM products set this bit and others don't. With a sparse file, a stub of the file remains on the disk, and the majority of the file is moved to offline storage. This setting is the default.

 

Skip offline and sparse files with a reparse point

Specifies that offline and sparse files with a reparse point are skipped

Some vendors use reparse points. Applications that use reparse points also use an appropriate device driver to manage reparse points in the files. With a reparse point, a portion of the file remains on disk, and the remainder is transparently accessed through the device driver.

 

Scan resident portions of offline and sparse files

Specifies that if the file is sparse, the Symantec Endpoint Protection client scans only the resident portion

The Symantec Endpoint Protection client identifies resident portions of a file. The nonresident portion remains in secondary storage. Some vendors support this capability.

 

Scan all files, forcing demigration (fills drive)

The Symantec Endpoint Protection client scans the entire file, which forces demigration from secondary storage if necessary. Because the size of the secondary storage is usually greater than the size of the local volume, this setting might fill the local volume. When the local volume is full, further files that are opened for scanning might fail.

 

Scan all files without forcing demigration (slow)

Specifies that all files are scanned, without forcing demigration

The Symantec Endpoint Protection client copies a file from secondary storage to the local hard drive as a temp file for scanning. The HSM application leaves the original file on the secondary storage.

This method is slow and not all HSM vendors support it. Because a file is copied from secondary storage to a disk for scanning, resource demand is high. Processor and network performance might further degrade as the Symantec Endpoint Protection client detects infected content when a repair or deletion is returned to secondary storage.

 

Scan all files recently touched without forcing demigration

Specifies that all files that have been touched recently are scanned, without forcing demigration

This option lets you specify that only the files that have been migrated recently and might still reside on faster secondary storage are scanned. This method can reduce some of the resource demand issues with the Scan all files without forcing demigration option.

You can the scan the files that reside on faster disks, and skip demigration and scans if the files reside on slow disks. For example, files might be migrated to a remote disk after 30 days of no access. After 60 days of no access, the file is migrated to DVD-ROM or remote SAN storage. This method might still be slow because file access without forced demigration can be a slow operation.

If you select this option, you must select the type of access and the number of days to define "recently touched."

 

Open files using backup semantics

Specifies that files be opened using backup semantics

In some cases, using this option may allow the Symantec Endpoint Protection client to scan files without demigration. It may also allow the client to scan the stub, but not the rest of the demigrated file.

 

Type of access within the number of days selected

If you select Scan all files recently touched without forcing demigration, you must set this option. This option specifies the type of access (Accessed, Modified, or Created) and the number of days to define as "recent."

Check this article for more reference:  https://www-secure.symantec.com/connect/forums/endpoint-scan-storage-migration-options

 

Tunning:

By default it's set to Best Application Performance.

 

Few helpful links:

Setting up scheduled scans that run on Windows computers

http://www.symantec.com/docs/HOWTO55263

Setting up scheduled scans that run on mac computers

http://www.symantec.com/docs/HOWTO55264

Adjusting scans to improve computer performance

http://www.symantec.com/docs/HOWTO55250

Adjusting scans to increase protection on your client computers

http://www.symantec.com/docs/HOWTO55307

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Nov 30, 2012 11:21 PM

if it is new variant then rapid release definiton is out to remediate the issue. Late this signature is included in the daily certified definition.

 

Nov 30, 2012 10:59 PM

question.

 

some time our SEP Client is updated with latest all definiiton but some files are not clened in scan and when we submite some file to syamntec support after that they provide us rapid release link and suggested for scan system in safemode with rapid release definition.Why need to scan by rapid
definitions.

Oct 24, 2012 11:40 PM

nice information......!

 

Oct 19, 2012 09:00 PM

thank you for sharing it here man !

Sep 18, 2012 08:58 AM

Nice article.............thanx for sharing.

Sep 17, 2012 05:33 AM

I have over 3000 clients that have home folders on a server. Server has 10TB of data - take too long to scan. Could I setup a scheduled scan or does SEP 12.1 automatically scan the network folder for each user (global setting). What impact will the scanning have on the performance of bother server and client.?

Related Entries and Links

No Related Resource entered.