How to add Folder Exclusion for autoprotect, manual and weekly scans in Symantec Antivirus for Linux
Article: TECH123497 | Created: 2010-01-25 | Updated: 2012-08-20 | Article URL: http://www.symantec.com/docs/TECH123497
Example error in your system log:
Feb 25 09:13:11 SERVER rtvscand: Scan could not open file /sys/block/loop6/size 
For some folders in Linux (for example /sys) it is best to prevent rtvscan from accessing the files. Rtvscan will not be able to scan those files because the files are in use.
Unless the PATH has been modified, the following commands must be run from the location where the symcfg tool is located. By default that is /opt/Symantec/symantec_antivirus. It may also be necessary to run these using sudo.
First, enable folder exclusions for rtvscan.
# Allows folders to be excluded from a manual scan (sav manualscan -s /)
./symcfg add -k '\Symantec Endpoint Protection\AV\LocalScans\ManualScan' -v HaveExceptionDirs -d 1 -t REG_DWORD
# Allows folders to be excluded from autoprotect, when this functionality is installed and activated
./symcfg add -k '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan' -v HaveExceptionDirs -d 1 -t REG_DWORD
# Enables the folder exclusion that will be applied to the weekly scan (the scan has to be created beforehand)
./symcfg add -k '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan' -v HaveExceptionDirs -d 1 -t REG_DWORD
After this is done, add the folder that rtvscan should not scan.
# Excludes the folder /proc from the manual scan, which can be started with, for example: sav manualscan -s /
./symcfg add -k '\Symantec Endpoint Protection\AV\LocalScans\ManualScan\NoScanDir' -v /proc -d 1 -t REG_DWORD
# Excludes the folder /proc from autoprotect, when this function is up and running
./symcfg add -k '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan\NoScanDir' -v /proc -d 1 -t REG_DWORD
# This exclusion applies to the weekly scan called "weeklyscan" (the scan has to be created beforehand)
./symcfg add -k '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan\NoScanDir' -v /proc -d 1 -t REG_DWORD
After these settings are changed and successfully added to the "fake registry", rtvscan will not scan those excluded folders on a Linux system.
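The procedure above, scripted as an added example (not Symantec's code): it prints the symcfg commands instead of running them, and emits a NoScanDir entry only when the folder is itself a proc or sysfs mount, because an excluded folder is never scanned. The function names, the proc/sysfs allowlist and the sample mount table are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not Symantec code. Prints symcfg commands; it does not run them.
# The three scan keys are the ones used in this article.
SCAN_KEYS='\Symantec Endpoint Protection\AV\LocalScans\ManualScan
\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan
\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan'

# Print the filesystem type if DIR ($1) is a mount point in the mount table ($2).
fs_type_of() {
    awk -v d="$1" '$2 == d { t = $3 } END { if (t != "") print t }' "$2"
}

# Print the commands that turn on folder exclusions for each scan type.
gen_enable_cmds() {
    printf '%s\n' "$SCAN_KEYS" | while IFS= read -r key; do
        printf "./symcfg add -k '%s' -v HaveExceptionDirs -d 1 -t REG_DWORD\n" "$key"
    done
}

# Print the NoScanDir commands for DIR, but only for proc/sysfs mounts
# (assumed policy: anything else holds real files and stays scanned).
gen_exclusion_cmds() {
    dir=$1
    mounts=${2:-/proc/mounts}
    fstype=$(fs_type_of "$dir" "$mounts")
    case "$fstype" in
        proc|sysfs) ;;
        *) echo "refusing $dir: filesystem type '${fstype:-none}'" >&2
           return 1 ;;
    esac
    printf '%s\n' "$SCAN_KEYS" | while IFS= read -r key; do
        printf "./symcfg add -k '%s' -v %s -d 1 -t REG_DWORD\n" "$key\\NoScanDir" "$dir"
    done
}

# Constructed sample mount table in /proc/mounts format, so the demo runs anywhere.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
gen_enable_cmds
for d in /proc /sys /tmp; do
    gen_exclusion_cmds "$d" "$SAMPLE_MOUNTS" || true
done
```

On a real host, omit the second argument so the check reads /proc/mounts, review the printed commands, then run them from the directory that holds symcfg.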
Additional information can be found in the Connect Forum article SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide.