Modifying mount scans for client systems running Symantec AntiVirus for Macintosh

Article:TECH105500  |  Created: 2008-01-29  |  Updated: 2008-01-15  |  Article URL http://www.symantec.com/docs/TECH105500
Article Type
Technical Solution


Environment

Issue



By default, Symantec AntiVirus for Macintosh will scan all local media that is mounted by the file system. While this is desired to ensure that infected files and threats are not copied to other drives, there are times where exclusions will need to be made for trusted media or other drives that the user does not wish to be scanned. This can be accomplished by modifying the mount scan behavior of Auto-Protect.


Solution



The mount scans for Auto-Protect can be modified in three ways depending on your situation.

Unmanaged clients
Unmanaged clients can modify their Auto-Protect mount scan behavior via the Auto-Protect preferences pane in System Preferences in Mac OS X. By default, Symantec AntiVirus for Macintosh 10.0-10.1.x does not include preference panes for end users to use on their system to access Auto-Protect preferences. They can be downloaded from this location:
"Download the installer for Auto-Protect preference pane and Symantec QuickMenu" at:
http://service1.symantec.com/support/num.nsf/docid/2005083110442611

These preference panes are installed by default with Symantec AntiVirus for Macintosh 10.2.x.

Once the preference panes are confirmed as being present on the client workstation, open the System Preferences in Mac OS X and select the Symantec Auto-Protect preference pane, which will be located in the bottom row of preferences with the "Other" label. Click the padlock in the lower left corner of the window to authenticate and modify preferences. After accomplishing this:
  1. Click Mount Scan.
  2. Uncheck Scan Disks When Mounted to completely disable all mount scans provided by Auto-Protect.
    • Alternatively, leave Scan Disks When Mounted enabled and check only the types of disks that need to be scanned in the lower section of the window.
  1. Under the "Select which kinds of disks to scan", select These Kinds of Disks.
  2. Check the box next to the specific types of drives that will need to be scanned and uncheck drives that are to be excluded.
  3. Optionally, you can uncheck the "Show Progress During Scans" box at the top of the window if you do not wish the scans to be visible to the user.
  4. Once all changes are made, click the padlock in the lower left corner to secure the pane and close out of the "System Preferences."


Unmanaged clients without preference panes
If company policy dictates that the preference panes not be installed, the "com.symantec.autoprotect.plist" file located in /Library/Preferences can be edited to disable or selectively enable or disable individual mounted media scans. This will require the use of a Property List editor such as the one that comes with the XCode development tools from Apple. The following steps will describe the use of the Property List Editor application from Apple's XCode environment. Other .plist editors will have similar steps:
  1. Open the "com.symantec.autoprotect.plist" file with the "Property List Editor."
  2. Click the disclosure triangle next to "Root"
  3. Locate the line item for "MountScanOn"
    Note: This is a Boolean with a value of either Yes or No. If you wish to completely disable mount scans, set this value to No.

  4. If you wish to instead selectively enable or disable mount scans for various media types, change the Boolean value next to the scan type you wish to modify (Audio CDs, iPods, etc.).
  5. The visibility of the progress can also be viewed through the "ShowMountProgOn" Boolean value.
  6. Save the file after making all appropriate changes.


Managed Clients
If clients are managed by the Symantec Administration Console for Macintosh, a new set of Auto-Protect client preferences can be created and pushed to workstations managed by the Symantec Administration Console for Macintosh.
  1. Open the Symantec Administration Console for Macintosh and log into the console.
  2. Go to the "Client Preferences" tab and click Create 'Auto-Protect' Preference Set.
  3. In the "Mount Scan" section, select Scan when disks are mounted to enable or disable the mount scans.
    Note: The visibility for the scan progress can be enabled or disabled below this as desired.

  4. If there are only some scans that need to be enabled, make sure that the Scan when disks are mounted is enabled and select Only these types of disks and then the appropriate types of drives you need to have scanned.
  5. Save the preference set with an appropriate name and push this preference set to your client systems from the "Send Commands" tab.






Legacy ID



2008072911130748


Article URL http://www.symantec.com/docs/TECH105500


Terms of use for this information are found in Legal Notices