Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.0 and Symantec Client Security 3.0

Article:TECH101323  |  Created: 2005-01-25  |  Updated: 2010-08-13  |  Article URL http://www.symantec.com/docs/TECH101323
Article Type
Technical Solution


Environment

Issue



After you update virus definitions, Symantec AntiVirus Corporate Edition 10.0 runs a Defwatch Quick Scan. During this Quick Scan, Symantec AntiVirus quarantines security risks for which you created an exception. You need to know how to disable the Defwatch Quick Scan.

 


Solution




 


Before you begin: This document applies to Symantec AntiVirus 10.0 and Symantec Client Security 3.0. If you use Symantec AntiVirus 10.1 or Symantec Client Security 3.1, read the following document:
Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.1 and Symantec Client Security 3.1
 




A Quick Scan is a fast scan of the following:

  • Files loaded into memory
  • Common virus and security risk loading points, including registry keys and startup files


To disable the Quick Scan that runs after virus definitions update, follow the directions for each type of computer in your environment.


Servers
You can disable the Defwatch Quick Scan by importing a .reg file or by editing the registry. After you make this change, the Quick Scan still runs after virus definitions update, but the Quick Scan does not scan any files.

To disable the Defwatch Quick Scan by importing a .reg file


To disable the Defwatch Quick Scan by editing the registry

  1. On the Windows taskbar, click Start > Run.
  2. In the Open box, type the following text:

    regedit

     
  3. Click OK.
  4. In the left pane of the Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\Defwatch QuickScan Options

     
  5. In the right pane, double-click the ScanBootSector value.
  6. Change the Value data field to 0, and then click OK.
  7. In the right pane, double-click the ScanLoadPoints value.
  8. Change the Value data field to 0, and then click OK.
  9. In the right pane, double-click the ScanProcesses value.
  10. Change the Value data field to 0, and then click OK.
  11. Exit the Registry Editor.



Managed clients
You can disable the Defwatch Quick Scan on all managed clients by editing the registry on the parent server. After you make this change, the Quick Scan still runs after virus definitions update, but the Quick Scan does not scan any files.

To disable the Defwatch Quick Scan by editing the registry on the parent server

  1. On the Windows taskbar, click Start > Run.
  2. In the Open box, type the following text:

    regedit

     
  3. Click OK.
  4. In the left pane of the Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\ClientConfig\LocalScans

  5. Right-click the LocalScans key, and then click New > Key.
  6. Type the following name for the key:

    Defwatch QuickScan Options

  7. Right-click the Defwatch QuickScan Options key, and then click New > DWORD Value.
  8. Type the following name for the value:

    ScanBootSector

     
  9. Right-click the Defwatch QuickScan Options key, and then click New > DWORD Value.
  10. Type the following name for the value:

    ScanLoadPoints


    Right-click the Defwatch QuickScan Options key, and then click New > DWORD Value.
  11. Type the following name for the value:

    ScanProcesses

     
  12. In the right pane, double-click the ScanBootSector value.
  13. Change the Value data field to 0, and then click OK.
  14. In the right pane, double-click the ScanLoadPoints value.
  15. Change the Value data field to 0, and then click OK.
  16. In the right pane, double-click the ScanProcesses value.
  17. Change the Value data field to 0, and then click OK.
  18. If you use client groups, go to the following key:

    HKEY_LOCAL_MACHINE\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Groups\<GroupName>\ClientConfig\LocalScans

    where <GroupName> is the name of a client group.

     
  19. Repeat steps 5–17, and then continue to step 20.
  20. Repeat steps 18 and 19 for each client group.
  21. Exit the Registry Editor.
  22. Start Symantec System Center, and unlock the server group.
  23. Right-click the parent server, and then click All Tasks > Symantec AntiVirus > Client Auto-Protect Options.
  24. Click Reset All, and then click OK.



Unmanaged clients
You can disable the Defwatch Quick Scan by importing a .reg file or by editing the registry. After you make this change, the Quick Scan still runs after virus definitions update, but the Quick Scan does not scan any files.

To disable the Defwatch Quick Scan by importing a .reg file


To disable the Defwatch Quick Scan by editing the registry

  1. On the Windows taskbar, click Start > Run.
  2. In the Open box, type the following text:

    regedit

     
  3. Click OK.
  4. In the left pane of the Registry Editor, go to the following key:

    HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\Defwatch QuickScan Options

     
  5. In the right pane, double-click the ScanBootSector value.
  6. Change the Value data field to 0, and then click OK.
  7. In the right pane, double-click the ScanLoadPoints value.
  8. Change the Value data field to 0, and then click OK.
  9. In the right pane, double-click the ScanProcesses value.
  10. Change the Value data field to 0, and then click OK.
  11. Exit the Registry Editor.
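
The registry edits above, scripted as an added example (not Symantec's code and not the missing .reg file): it sets the three values to 0 and returns each value's data before and after, so the change to scan coverage is recorded. The key path and value names are the ones given in this article; the function name and its parameter are hypothetical.

```powershell
# Added example. Hypothetical function name and parameter; the key path and
# the three value names are taken from the steps in this article.
function Set-DefwatchQuickScanOff {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Parent of the "Defwatch QuickScan Options" key. The default is the
        # path for servers and unmanaged clients; pass the ClientConfig or
        # Groups\<GroupName>\ClientConfig path when run on a parent server.
        [string]$LocalScansKey = 'HKLM:\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans'
    )

    $optionsKey = Join-Path $LocalScansKey 'Defwatch QuickScan Options'
    $valueNames = 'ScanBootSector', 'ScanLoadPoints', 'ScanProcesses'

    # Returns the current data of one value, or $null if the key or value is absent.
    $read = {
        param($name)
        if (Test-Path -LiteralPath $optionsKey) {
            (Get-ItemProperty -LiteralPath $optionsKey -Name $name -ErrorAction SilentlyContinue).$name
        }
    }

    # On a parent server the options key has to be created first.
    if (-not (Test-Path -LiteralPath $optionsKey)) {
        if ($PSCmdlet.ShouldProcess($optionsKey, 'Create registry key')) {
            New-Item -Path $optionsKey -Force | Out-Null
        }
    }

    foreach ($name in $valueNames) {
        $before = & $read $name
        if ($PSCmdlet.ShouldProcess("$optionsKey\$name", 'Set DWORD value to 0')) {
            New-ItemProperty -LiteralPath $optionsKey -Name $name `
                -PropertyType DWord -Value 0 -Force | Out-Null
        }
        # One record per value; with -WhatIf, After equals Before.
        New-Object PSObject -Property @{
            Key = $optionsKey; Value = $name; Before = $before; After = (& $read $name)
        }
    }
}

# Dry run on a server or unmanaged client, then apply:
#   Set-DefwatchQuickScanOff -WhatIf
#   Set-DefwatchQuickScanOff
```

Run it from an elevated prompt. On a parent server, the Symantec System Center steps (unlock the server group, Reset All) still have to be done by hand.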






Technical Information
The Defwatch Quick Scan does not use the exclusions or exceptions that are set for the Default Quick Scan, which runs when the computer starts. You cannot configure the Defwatch Quick Scan by using Symantec System Center or in the Symantec AntiVirus program interface.


In Symantec AntiVirus 10.1 and later, you can turn off the Defwatch Quick Scan for managed clients by using Symantec System Center.

 


Supplemental Materials

Value: Defect #1-4BQOJP

Legacy ID



2005052514152448

