Configuring Symantec Endpoint Protection for Macintosh for use on multimedia intensive environments

Article: TECH145300  |  Created: 2010-11-30  |  Updated: 2010-12-28
Article Type: Technical Solution

Symantec Endpoint Protection for Macintosh (SEP for Mac) can be safely installed and used on Mac workstations that routinely run processor-intensive multimedia applications such as audio, image and video editors. However, SEP for Mac can be tuned further to balance antivirus protection against the performance of mission-critical applications.


The SEP for Mac client can be tuned either via policy from the Symantec Endpoint Protection Manager (SEPM) (if this is a managed client), or directly from the Symantec Auto-Protect preference pane in System Preferences and the Symantec Scheduler (if this is an unmanaged client). Note that these setting changes are recommended for systems that are used heavily and cannot afford interruptions from unexpected scan events and similar activity.

Tuning via policy from the SEPM:

Within the SEPM, open the Antivirus and Antispyware policy that is applied to the group containing the SEP for Mac client or clients. The policy has a specific Mac Settings section; this is the section to edit.

Administrator-Defined Scans:

Be sure that no Administrator-Defined scans take place at a time when the system will be in use. If a system must run on a continuous cycle to render video, etc., disable any Administrator-Defined scans while the system is used in this way. Also note that any scan events missed because the system was shut down or otherwise unavailable will trigger the next time the Macintosh boots.

File System Auto-Protect:

It is always recommended to leave Auto-Protect enabled and set to automatically repair infected files and quarantine files that cannot be repaired. Auto-Protect scans are in general very fast and will not impact most users. When working with larger archives, scanning of compressed files may be disabled. When the files are brought out of the archive and decompressed, they will be scanned by Auto-Protect.

Within this section of the policy, exclusions for locations on the drive can also be set. A user may wish to exclude folders that are used for scratch disk areas of a drive or where large rendering project files will be saved. As noted in the policy, when selecting the option to scan everywhere except within specified folders, a centralized exception policy for those folders will also need to be set up.

Finally, within the File System Auto-Protect section of the policy, uncheck the option to scan disks or devices as they are mounted to the file system.

Tuning for unmanaged SEP for Mac clients:

Symantec Scheduler:

For unmanaged SEP for Mac clients, check the Symantec Scheduler for scheduled scans. As noted above, disable any scheduled scans created locally for the system. SEP for Macintosh also creates a default LiveUpdate schedule at install time that runs as root. In Terminal, use the following command to see when the default LiveUpdate event is set to run:

sudo symsched -l

You can use the symsched command to change the default scheduled LiveUpdate to a more convenient time or to remove the default LiveUpdate event entirely. This default LiveUpdate event does not appear in the Symantec Scheduler for the user, because it is set for the root account. For information on using the symsched command to add, modify or remove events, please refer to Guide to symsched Command-line Switches.

Symantec Auto-Protect preference pane:

The remaining settings can be tailored via System Preferences, available in the Apple menu. In System Preferences, select the Symantec Auto-Protect preference pane and click the padlock in the lower left to authenticate as an Administrator and make changes to the default settings. In the General tab, change the option to "off" for scanning compressed files.

In SafeZones, select the option "Everywhere EXCEPT in:" and add the locations that you do not want scanned by SafeZone scans, such as scratch disk volumes and folders where large files will be written regularly.

Within the third tab, Mount Scan, uncheck the option to scan disks when mounted. Click the padlock and close the System Preferences.
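
Before a folder is added to the exclusions described above (the policy exclusions in the SEPM or the SafeZones "Everywhere EXCEPT in:" list), it helps to check what the folder holds, since Auto-Protect will no longer scan it. The shell function below is an added example, not Symantec code or guidance; the name audit_exclusion and its two checks (world-writable folder, files with the execute bit set) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): review a folder before it is
# excluded from Auto-Protect scanning. The checks are this example's own choice.
#
# audit_exclusion DIR
#   returns 0 if nothing was flagged, 1 if something was flagged,
#   2 if DIR is not a directory.
audit_exclusion() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "SKIP  $dir (not a directory)"
        return 2
    fi
    flagged=0

    # A world-writable folder without the sticky bit lets any local account
    # place files in a location that will not be scanned.
    if [ -n "$(find "$dir" -prune -perm -0002 ! -perm -1000 2>/dev/null)" ]; then
        echo "WARN  $dir is world-writable without the sticky bit"
        flagged=1
    fi

    # Scratch and render folders normally hold data files only; files with the
    # owner execute bit set deserve a look before the folder is excluded.
    exec_count=$(find "$dir" -type f -perm -0100 2>/dev/null | wc -l | tr -d ' ')
    if [ "$exec_count" -gt 0 ]; then
        echo "WARN  $dir holds $exec_count file(s) with the execute bit set"
        flagged=1
    fi

    [ "$flagged" -eq 0 ] && echo "OK    $dir"
    return "$flagged"
}

# Audit every folder passed on the command line, for example:
#   sh audit_exclusion.sh "/Volumes/Scratch" "$HOME/Renders"
# (both paths are constructed placeholders)
for candidate in "$@"; do
    audit_exclusion "$candidate" || true
done
```

A folder that is flagged can still be excluded; the output only shows what to review first.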
