How to add Folder Exclusion for autoprotect, manual and weekly scans in Symantec Antivirus for Linux

Article:TECH123497  |  Created: 2010-01-25  |  Updated: 2012-08-20  |  Article URL http://www.symantec.com/docs/TECH123497
Article Type
Technical Solution


Environment

Issue



You would like to exclude some folders from scheduled scans, manual scans or autoprotect so that scan errors do not appear in the Linux system log. How do you add folder exclusions from the command line in Symantec Antivirus for Linux (SAVFL) 1.0.7 and higher?


Error



Example error in your system log:

Feb 25 09:13:11 SERVER rtvscand: Scan could not open file /sys/block/loop6/size [00000003]
 


Cause



For some folders in Linux (for example /sys), it is best to prevent rtvscan from accessing the files. Rtvscan will not be able to scan those files because the files are in use.


Solution



Unless the PATH has been modified, the following commands must be run from the location where the symcfg tool is located.  By default that is /opt/Symantec/symantec_antivirus.  It may also be necessary to run these using sudo.

First, enable folder exclusions in rtvscan for each scan type that should use them.

For manual scans (for example: sav manualscan -s /):

./symcfg add -k '\Symantec Endpoint Protection\AV\LocalScans\ManualScan' -v HaveExceptionDirs -d 1 -t REG_DWORD

For autoprotect, when this functionality is installed and activated:

./symcfg add -k '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan' -v HaveExceptionDirs -d 1 -t REG_DWORD

For the weekly scan (the scan has to be created beforehand):

./symcfg add -k '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan' -v HaveExceptionDirs -d 1 -t REG_DWORD


After this is done, add each folder that rtvscan should not scan.

Exclude the folder /proc from the manual scan (started, for example, with sav manualscan -s /):

./symcfg add -k '\Symantec Endpoint Protection\AV\LocalScans\ManualScan\NoScanDir' -v /proc -d 1 -t REG_DWORD

Exclude the folder /proc from autoprotect, when this function is up and running:

./symcfg add -k '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan\NoScanDir' -v /proc -d 1 -t REG_DWORD

Exclude the folder /proc from the weekly scan called "weeklyscan" (the scan has to be created beforehand):

./symcfg add -k '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan\NoScanDir' -v /proc -d 1 -t REG_DWORD


After these settings are changed and successfully added to the "fake registry", rtvscan will not scan those excluded folders on a Linux system.
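
The two steps above can be scripted so that several folders are applied to all three scan types in one pass, with a dry run to review the commands first. This is an added example, not part of the original article or of Symantec's tooling; the DRY_RUN switch, the valid_dir guard and the function names are assumptions of the example, and it assumes the "weeklyscan" task already exists.

```shell
#!/bin/sh
# Added example, not Symantec code. SYMCFG default is the article's install path;
# DRY_RUN is this script's own switch (1 = print the commands, 0 = run them).
SYMCFG="${SYMCFG:-/opt/Symantec/symantec_antivirus/symcfg}"
DRY_RUN="${DRY_RUN:-1}"

# Guard added by this example: accept only a specific absolute folder,
# never "/", a relative path, or a path containing ".." or a space.
valid_dir() {
  case "$1" in
    /|''|*..*|*' '*) return 1 ;;
    /*) return 0 ;;
    *) return 1 ;;
  esac
}

# Set one REG_DWORD value to 1 under a key, in the same form as the article's commands.
set_dword() {
  if [ "$DRY_RUN" = 1 ]; then
    printf "%s add -k '%s' -v %s -d 1 -t REG_DWORD\n" "$SYMCFG" "$1" "$2"
  else
    "$SYMCFG" add -k "$1" -v "$2" -d 1 -t REG_DWORD
  fi
}

# Enable exclusions and add every folder for manual, autoprotect and weekly scans.
exclude_dirs() {
  # Validate all folders first so a bad argument changes nothing.
  for dir in "$@"; do
    valid_dir "$dir" || { printf 'refusing exclusion: %s\n' "$dir" >&2; return 2; }
  done
  for key in \
    '\Symantec Endpoint Protection\AV\LocalScans\ManualScan' \
    '\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan' \
    '\Symantec Endpoint Protection\AV\Custom Tasks\weeklyscan'
  do
    set_dword "$key" HaveExceptionDirs || return 1
    for dir in "$@"; do
      set_dword "$key\\NoScanDir" "$dir" || return 1
    done
  done
}

# Usage: DRY_RUN=0 sh this_script.sh /proc /sys
if [ "$#" -gt 0 ]; then exclude_dirs "$@"; fi
```

Run it once with the default DRY_RUN=1 to review the generated commands, then with DRY_RUN=0 (and sudo if required) to apply them.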

 

References

Additional information can be found in the Connect Forum article SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide.

 




Legacy ID



2010022513285548

