Unless the PATH has been modified, the following commands must be run from the location where the symcfg tool is located.  By default that is /opt/Symantec/symantec_antivirus.  It may also be necessary to run these using sudo.

First of all you have to enable the possibility for rtvscan to have folder exclusions.

./symcfg add -k '\Symantec Endpoint Protection\AV\LocalScans\ManualScan' -v HaveExceptionDirs -d 1 -t REG_DWORD <- This is used to have the possibility to exclude folders in a manual scan (sav manualscan -s /)

./symcfg add -k '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan' -v HaveExceptionDirs -d 1 -t REG_DWORD <- This is used to have the possibility to exclude folders from the autoprotect, when this functionality is installed and activated

./symcfg add -k '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan' -v HaveExceptionDirs -d 1 -t REG_DWORD <- Here you enable the Folder Exclusion which will be applied for the weekly scan (has to be created before)


After this is done we can add the folder which we don’t want to be scanned by rtvscan.

./symcfg add -k '\Symantec Endpoint Protection\AV\LocalScans\ManualScan\NoScanDir' -v /proc -d 1 -t REG_DWORD <- Here we exclude the folder /proc in the manual scan, which can be started with the command (for example: sav manualscan -s / )

./symcfg add -k '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan\NoScanDir' -v /proc -d 1 -t REG_DWORD <-Here we exclude the folder /proc from the autoprotect, when this function is up and running

./symcfg add -k '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan\NoScanDir' -v /proc -d 1 -t REG_DWORD <- this exclusion applies to the weekly scan called “weeklyscan” (has to be created before)


After these settings are changed and successfully added to the "fake registry", rtvscan will not scan those excluded folders on a Linux system.

References

Additional information can be found in the Connect Forum article SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide.