Hello,
Please check these 2 recent Articles:
SEP 12.1.2 Best Practices on Citrix Virtual Desktops ( Provisioning Services) -Part 1-
SEP 12.1.2 Best Practices on Citrix Virtual Desktops ( Provisioning Services) -Part 2-
I would suggest you to check the Virtual Image Exception (VIE) tool -
The Symantec Endpoint Protection (SEP) 12.1 client checks for this attribute before scanning files and skips scanning any files that are marked as "known good" by the VIE tool. Scans on VDI clients created with images processed by the VIE tool will experience lower I/O load, CPU usage, and network bandwidth usage during scheduled and manual scans.
The Virtual Image Exception (VIE) tool was created specifically for VDI environments deployed using shared base images. The VIE tool provides the ability to exempt the files in a base image from SEP client scans once the image is deployed. If the files are updated or changed in any way, the updated/changed files will be scanned as usual.
It is suggested that VM admins either record their VIE exceptions list prior to their VM template machine being added to the domain, or place the computer account for the VM template machine into an OU with no GPOs applied. Once the VIEtool's exceptions list has been created, GPOs can then be applied to the system as normal.
Please see the following article for more information on use of the VIE tool:
http://www.symantec.com/business/support/resources/sites/BUSINESS/content/staging/DOCUMENTATION/4000/DOC4335/en_US/2.0/sep_virtual_image_exception.pdf
Here are the Steps and Action:
Step 1: On the base image, perform a full scan all of the files to ensure that the files are clean. If the Symantec Endpoint Protection client quarantines infected files, you must repair or delete the quarantined files to remove them from quarantine.
Step 2: Ensure that the client's quarantine is empty.
Step 3: Run the Virtual Image Exception tool from the command line to mark the base image files. Check the Article:
Step 4: Enable the feature in Symantec Endpoint Protection Manager so that your clients know to look for and bypass the marked files when a scan runs.
Step 5: Remove the Virtual Image Exception tool from the base image.
The Virtual Image Exception tool supports fixed, local drives. It works with the files that conform to the New Technology File System (NTFS) standard.
Reference:
Symantec Endpoint Protection Virtual Image Exception User Guide 12.1
http://www.symantec.com/docs/DOC4335
About the Symantec Virtual Image Exception tool
http://www.symantec.com/docs/TECH172218
Symantec Endpoint Protection 12.1 - Virtualization Best Practices
http://www.symantec.com/docs/TECH173650
SEP 12.1 & Virtualization
https://www-secure.symantec.com/connect/articles/sep-121-virtualization
Hope that helps!!