What does the full scan from the Symantec Endpoint Recovery Tool (SERT) CD scan?
|Article:TECH150491|||||Created: 2011-01-27|||||Updated: 2013-11-01|||||Article URL http://www.symantec.com/docs/TECH150491|
You are wondering why the full scan from the Symantec Endpoint Protection (SEP) client reports that it scans many more files then a full scan initiated from the SERT LiveCD.
SEP Client Scan:
By default, files inside compressed archives are scanned.
The default number of levels scanned (depth) within a compressed archive file is 3.
SERT CD Scan:
Does not scan compressed archive files.
The intention of the SERT CD is not to replace the full scan from a SEP client, but rather it is to scan systems where you are not able to install a SEP client or SEP's ability to run a scan has been damaged due to an infection.
Although the SERT CD scan will scan all fixed drives, it will not scan inside archives like zip, rar, cab and similar. Therefore the number of scanned files with the SERT CD will typically be much lower.
Article URL http://www.symantec.com/docs/TECH150491