Auto-Protect mount scans do not happen when logged into a User account in Mac OS X with Parental Controls enabled or logging in as a user managed by Workgroup Manager

Article:TECH105451  |  Created: 2008-01-22  |  Updated: 2010-01-04  |  Article URL http://www.symantec.com/docs/TECH105451
Article Type
Technical Solution


Environment

Issue



While logged into a standard User account, or managed account in Mac OS X with Symantec Endpoint Protection 11 for Macintosh or Symantec AntiVirus for Macintosh Corporate Edition installed, no scans of mounted media take place (CDs, external hard drives, iPods, USB thumb drives, etc.).


Cause



Parental Controls in Mac OS X or Workgroup Manager in Mac OS X Server is preventing required Symantec Endpoint Protection for Macintosh and Symantec AntiVirus for Macintosh support files from launching.

Solution



If this is a standard Mac OS X User account that is managed with Parental Controls on the workstation:

The Parental Controls for the Mac OS X User need to be adjusted to allow the following files to run when the User logs in and application usage is restricted:
/Library/Application Support/Symantec/AntiVirus/SAVDiskMountNofity
/Library/Application Support/Symantec/AntiVirus/ScanNotification
/Library/Application Support/Symantec/AntiVirus/SmallScanner
/Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch
/Library/Application Support/Symantec/SymQuickMenu/SymQuickMenu

To add these files to the allowed list of applications in Parental Controls:

Mac OS X 10.4.x:
  1. Open the Accounts preference pane in System Preferences.
  2. Click the padlock in the lower left corner and authenticate to make settings changes as necessary.
  3. Click the User account to edit and click the Parental Controls tab.
  4. Check the box for Finder and System Settings and click the Locate... button.
  5. Navigate to the locations above and select the five items, repeating the steps to navigate to the location and select the next item as needed.
  6. Exit the "System Preferences."

Mac OS X 10.5.x or Mac OS X 10.6.x:
  1. Open the Parental Controls preference pane.
  2. Click the padlock in the lower left corner and authenticate to make settings changes as necessary.
  3. Select the account to be edited for Parental Controls.
  4. Verify that Only Allow Selected Applications is checked.
  5. Click the disclosure triangle next to "Other" to reveal the list of other applications.
  6. Scroll through the list and add checks next to SAVDiskMountNofity, ScanNotification, SmallScanner, SymQuickMenu and SymSecondaryLaunch
  7. Exit the "System Preferences."


If this is an account that is managed by Mac OS X Server and Workgroup Manager:

Workgroup Manager in Mac OS X Server needs to be adjusted to allow the following files to run when the User logs in and application usage is restricted:
/Library/Application Support/Symantec/AntiVirus/SAVDiskMountNofity
/Library/Application Support/Symantec/AntiVirus/ScanNotification
/Library/Application Support/Symantec/AntiVirus/SmallScanner
/Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch
/Library/Application Support/Symantec/SymQuickMenu/SymQuickMenu
/Library/PreferencePanes/SymAutoProtect.prefPane/Contents/Resources/APPrefTool

To add these files to the allow list of applications in Workgroup Manager in Mac OS X Server:

Mac OS X Server 10.4.x:
  1. Launch Workgroup Manager in Mac OS X Server and authenticate as necessary.
  2. Select the "Preferences" icon in the toolbar.
  3. Select the user or group of users as necessary on the left.
  4. Select the "Applications" icon on the right.
  5. Click the "Add..." button to bring up a file selection button.
  6. A file selection window will appear. Use this to navigate to and select the files in the following locations listed above, repeating as necessary to select all files.
    Note: Please see Technical Information for how to add APPrefTool to the list.
  7. Click "Apply Now" and "Done" to finish the process.
  8. Select "Preferences" in the toolbar once again.
  9. Click the "Login" icon on the right.
  10. Click the "Add..." button to bring up a file selection button.
  11. A file selection window will appear. Use this to navigate to and select the files in the following locations listed above, repeating as necessary to select all files.
    Note: Please see Technical Information for how to add APPrefTool to the list.
  12. Click "Apply Now" and "Done" to finish the process.

Mac OS X Server 10.5.x or Mac OS X 10.6.x:
  1. Launch Workgroup Manager in Mac OS X Server and authenticate as necessary.
  2. Select the "Preferences" icon in the toolbar.
  3. Select the user or group of users as necessary on the left.
  4. Select the "Applications" icon on the right.
  5. Click the Plus (+) button on the right hand side to add applications allowed for the user to run.
  6. A file selection window will appear. Use this to navigate to and select the files in the following locations listed above, repeating as necessary to select all files.
    Note: Please see Technical Information for how to add APPrefTool to the list.
  7. Click the "Legacy" tab above to manage application restrictions for non-Leopard users.
  8. Click the Plus (+) button on the right hand side to additional applications to allow for the user.
  9. A file selection window will appear. Use this to navigate to and select the files in the following locations listed above, repeating as necessary to select all files.
    Note: Please see Technical Information for how to add APPrefTool to the list.
  10. Return to the Preferences section again by clicking the "Preferences" icon in the toolbar, saving as necessary any changes made so far.
  11. Click the "Login" icon on the right.
  12. Go to the "Items" tab.
  13. Click the Plus (+) button on the right hand side to add applications to run on user login.
  14. A file selection window will appear. Use this to navigate to and select the files in the following locations listed above, repeating as necessary to select all files.
    Note: Please see Technical Information for how to add APPrefTool to the list.

In any case it would be best to restart the computer after making configuration changes and then log back in as the User to verify that the scanning is now taking place.

NOTE: On a client with Parental Controls enabled, when opening the Auto-Protect preferences in System Preferences, the user interface may be incorrectly indicate that Auto-Protect is not currently running. In this situation, Auto-Protect can be confirmed as running by opening the Activity Monitor in the Utilities directory and verifying that SymAutoProtect is running.



Technical Information
APPrefTool resides within a package in the Library/PreferencePanes folder. In order to add it to the allowed list, please follow these steps:

  1. In the Finder, navigate to /Library/PreferencePanes.
  2. Right-click (or control-click) on SymAutoProtect.prefpane and choose Show Package Contents.
  3. Open Contents, then Resources.
  4. Drag and drop the APPrefTool into the Workgroup Manager's "Applications" window.

For PowerPC machines, the file may be called APPrefToolPPC.



Legacy ID



2008072215071948


Article URL http://www.symantec.com/docs/TECH105451


Terms of use for this information are found in Legal Notices