Endpoint Protection

 View Only
  • 1.  Scanning of Samba shares

    Posted Oct 07, 2009 05:55 AM
    A few questions about scanning and network shares:
    1. In SEP 11.0.5 I find the setting "Scan files on network drives" under "Antivirus and Antispyware protection/Filesystem autoprotect". This just tells the client to scan files on network shares when I access them...correct?
    2. When SEP is doing a full scan it doesn´t scan network drives....is this correct?
    3. If it does scan network shares during full scan....is there and option in SEPM 11.0.5 for SEP  to not scan network drives?
    4. Do you think it´s a good idea to have one client continouosly scanning the shares?

    The reason I´m asking is that we have alot of Samba shares and we have been having alot of problems with the shares just about since we started installing more and more SEP clients. Could be a coincidence but I have to check all possiblities.

    Thank you in advance!



  • 2.  RE: Scanning of Samba shares

    Posted Oct 07, 2009 06:51 AM
    By default Network Scanning is unchecked ( disabled )
    So when you configure a Schedule scan/ Full scan make sure you you have network Scanning unchecked ( disabled)
    I don't think will be able to scan SAMBA drives as they will be in ext3 and SEP will scan only NTFS and FAT32.

    Even if you select to scan netowkr Drivers it will only scan NTFS and FAT32.

    So i would recommend to install SAVFL ( symantec Antivirus for Linux) that is avaiable on the CD2 from SEP 11 download.
    it also contains a pdf which tells you what all open-source OS are supported with SAVFL and how to install and configure it on Linux/Unix


  • 3.  RE: Scanning of Samba shares

    Posted Oct 07, 2009 06:56 AM
    In SEP 11.0.5 I find the setting "Scan files on network drives" under "Antivirus and Antispyware protection/Filesystem autoprotect". This just tells the client to scan files on network shares when I access them...correct?

    Yes you are correct, will be scanned when you access them.

    When SEP is doing a full scan it doesn´t scan network drives....is this correct? yes it does not do that, full scan will come under scheduled scan.

    Here is the way to disable it.

    Changing the password that is required to scan mapped network drives

    Symantec Endpoint Protection requires users on client computers to provide a password before they can scan a mapped network drive. By default, this password is set to symantec.

    Note:

    If users scan network drives, the scan can impact the client computer performance.

    You can click Help for more information about the options that are used in the procedure.

    To change the password that is required to scan mapped drives

    1. On the Antivirus and Antispyware Policy page, click Miscellaneous.

    2. On the Miscellaneous tab, under Scan Network Drive, check Ask for password before scanning a mapped network drive.

    3. Click Change Password.

    4. In the Configure Password dialog box, type a new password, and then confirm by typing the password again.

    5. Click OK.

    6. If you are finished with the configuration for this policy, click OK.



  • 4.  RE: Scanning of Samba shares

    Posted Oct 07, 2009 07:19 AM
    When I create a scheduled scan from within SEPM I cannot see a network scanning option.


  • 5.  RE: Scanning of Samba shares

    Posted Oct 07, 2009 08:07 AM
    Thats right my bad...

    Scheduled scan do not scan the Mapped Drivesas it will take ages to scan them only File System Autoprotect Scans them ( realtime scan)
    Reason Full scan do not scan those drives is because FIlesystem autoprotect is already scanning them ( if any file is accessed or modified in that driver autoprotect will scan it )
    And If you have a Antivirus on that system it will also can those drives.making it scan twice.
    However you can create a Custom scan to scan your Mapped drives locally not from SEPM.


  • 6.  RE: Scanning of Samba shares

    Posted Oct 07, 2009 09:37 AM
    I've never seen any problems using the default settings in regards to network drives and shares.


  • 7.  RE: Scanning of Samba shares

    Posted Mar 31, 2010 04:11 AM
    Is it possible that the option to scan the files on network drives, obstructs any network access during reboot?

    There is a specific case wherein, for a DFS scenario in a domain, if I check this option and reboot the client, I keep getting the balloon in the status bar saying that the DFS share is not accessible and needs a resync. Whereas, if I synchronize using the "offline files" dialog that pops up, everything goes fine. 

    The question is whether, momentarily after a reboot, there is a possibility that the network resources, DFS in this case, are blocked/unaccessible until the scan is completed.

    My DFS is configured with a root as \\<DomainName>\<ShareName>.

    If I use the root as \\<ServerName>\<ShareName>, the issues encountered.

    If I disable this option, I never see the balloon appearing to the status bar.

    Any insights in this area, will be highly appreciated.

    TIA.