How to enable SEP for Mac Automatic Repair so infected files are detected and repaired

Article:TECH106045  |  Created: 2008-01-26  |  Updated: 2011-12-22  |  Article URL http://www.symantec.com/docs/TECH106045
Article Type
Technical Solution

Product(s)

Environment

Issue



With Symantec Endpoint Protection for Macintosh 11 (SEP for Mac) or Symantec Antivirus for Macintosh 10.x (SAV for Mac), Auto-Protect and manual or scheduled scanning detect infected files, but do not appear to be remediated, and continue to be detected and reported as infected.

 


Cause



Automatic Repair is not enabled by default.


Solution



For SEP managed computers:

To enable Automatic Repair for Auto-Protect:

  1. Log into the Symantec Endpoint Protection Manager (SEPM).
  2. Go to Policies > Antivirus and Antispyware and edit the appropriate policy for the group in which the Macintosh clients belong.
  3. In the policy, under Mac Settings, choose File System Auto-Protect.
  4. In the Scan Details tab, check the box for Automatically repair infected files.


To enable Automatic Repair when a scheduled scan is performed:

  1. Log into the Symantec Endpoint Protection Manager (SEPM).
  2. Go to Policies > Antivirus and Antispyware and edit the appropriate policy for the group in which the Macintosh clients belong.
  3. In the policy, under Mac Settings, choose Administrator-Defined Scans.
  4. In the Common Settings tab, check the box next to Automatically repair infected files.


To enable Automatic Repair when a manual scan is performed:

  1. Log into the Symantec Endpoint Protection Manager (SEPM).
  2. Go to Policies > Antivirus and Antispyware and edit the appropriate policy for the group in which the Macintosh clients belong.
  3. In the policy, under Mac Settings, choose Administrator-Defined Scans.
  4. In the Scans tab, under Administrator On-demand Scan, click on Edit....
  5. On the Scan Details tab, under Actions, check the box next to Automatically repair infected files.


The updated policy can be then distributed to the Macintosh clients via the following means:

  • On the next subsequent restart, cold boot or heartbeat of the client to the SEPM.
  • On the client by going to the Symantec QuickMenu in the menu bar and selecting Management > Update Policy.


For SEP unmanaged computers:

To enable Automatic Repair for Auto-Protect:

  1. Under System Preferences, choose the Symantec Auto-Protect preference pane.
  2. Click on the lock to make changes, and authenticate when prompted.
  3. Under General, under Select your Automatic Repair settings, click on the button in front of On.
  4. Click on the lock again to lock the changes.


To enable Automatic Repair when a scan is performed:

There are no preference settings within the SEP for Macintosh user interface to change the state of the Auto Repair in manual scans. However, Automatic Repair can be enabled by manually setting the preference.

  1. Open the Terminal Application (located within /Applications/Utilities)
  2. At the command line, type the following to set the preference for all users on the machine:
    For scheduled scans: sudo defaults write /Library/Preferences/com.Symantec.SAVX AutoRepairPref -bool YES

    For manual scans:  sudo defaults write /Library/Preferences/com.Symantec.NAVX AutoRepairPref -bool YES
    Authenticate when prompted.


For SAV managed computers:

To enable Automatic Repair for Auto-Protect:

  1. Under Client Preferences, choose Create "Auto-Protect" Preference Set.
  2. Choose a Key ID, enter the Key Password, and give the preference set a name.
  3. Under Repair, check Automatic Repair.
  4. Adjust any other settings you wish to adjust, then click on Save Preference Set.


To enable Automatic Repair when a scan is performed:

  1. Under Client Preferences, choose Create "Symantec AntiVirus" Preference Set.
  2. Choose a Key ID, enter the Key Password, and give the preference set a name.
  3. Under Repair Options, choose Automatically repair infected files.
  4. Adjust any other settings you wish to adjust, then click on Save Preference Set.


Note: Do not use special characters (like an apostrophe) in the preference set names. Letters, numbers and spaces are acceptable.

Once the preference sets are created, they will need to be pushed to the client. Preference sets must be pushed one at a time.

  1. Under Send Commands, select Set Symantec Product Preferences from the drop-down list, highlight the client/s to receive the changes (or leave it at Send command to all clients) and click the Specify Parameters button
  2. On the next screen, fill in all of the boxes (including Key Password), use the drop-down menu to choose the preference set to push out, then click Command.
  3. Monitor the Command Log to ensure the command is successfully pushed.


For SAV Unmanaged Computers:

To enable Automatic Repair for Auto-Protect:

  1. Under System Preferences, choose the Symantec Auto-Protect preference pane.
  2. Click on the lock to make changes, and authenticate when prompted.
  3. Under General, under Select your Automatic Repair settings, click on the button in front of On.
  4. Click on the lock again to lock the changes.


To enable Automatic Repair for when a scan is performed:

There are no preference settings within the Symantec AntiVirus for Macintosh user interface to change the state of the Auto Repair in manual scans. However, Automatic Repair can be enabled by manually setting the preference.

  1. Open the Terminal Application (located within /Applications/Utilities)
  2. At the command line, type the following to set the preference for the user who is currently logged in:
    For scheduled scans: defaults write ~/Library/Preferences/com.Symantec.SAVX AutoRepairPref -bool YES
    For manual scans: defaults write ~/Library/Preferences/com.Symantec.NAVX AutoRepairPref -bool YES
    Authenticate when prompted.

For SAV for Mac versions prior to 10.2, preference panes must be separately installed. They can be downloaded from Symantec's FTP site.



Legacy ID



2008092608540048


Article URL http://www.symantec.com/docs/TECH106045


Terms of use for this information are found in Legal Notices