In the Symantec Endpoint Protection Manager (SEPM)
1. Create a policy to exclude the Backup Exec processes, from within Symantec Endpoint Protection Manager console.
a. Click on Policies, Firewall, Add a Firewall policy.
b. Set the Policy Name as Backup Exec Process, add a brief Description, and put a checkmark in the "Enable this policy" checkbox.
c. Click Rules, Add Rule, set Rule Name as "Allow Backup Exec" and click Next. Select "Allow connections" and click Next. Select only the applications listed below and click Add.
d. Add all Backup Exec processes listed below(*), and click Next. Select only the computers and sites listed below, click Add, add all Backup Exec Media Servers and click Next.
* Backup Exec processes
· C:\Program Files\Symantec\Backup Exec\beremote.exe
· C:\Program Files\Symantec\Backup Exec\beserver.exe
· C:\Program Files\Symantec\Backup Exec\bengine.exe
· C:\Program Files\Symantec\Backup Exec\benetns.exe
· C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
· C:\Program Files\Symantec\Backup Exec\BkUpexec.exe
· C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
(Change C:\ as needed depending on which root volume the Media Server or Remote Agent is installed to)
d. Select All types of communication and click Next. Click Finish. Click OK, Click Yes, select the Group or Subgroup where Backup exec Media Servers belongs, click Assign, and then click Yes.
2. Change the following File System Auto-Protect setting in Symantec Endpoint Protection Manager for each client group where an associated client has the Remote Agent for Windows installed.
a. Click on Clients, Policies Tab, select Virus and Spyware Protection policy – Balanced, click Edit Shared.
b. Within Protection Technology click on Auto-Protect, Click Advanced Scanning and Monitoring.
c. Click on Scan Details tab, select Scan when a file is modified, uncheck "Scan when a file is backed up", click OK and click OK once again.
In Symantec Endpoint Protection 12.1 client
Alternatively, the settings can be changed per client as well. The following steps are recommended for "unmanaged" or "self-managed" SEP clients.
(NOTE: SEP clients can either be "managed" or "unmanaged/self-managed." If the client is managed and a policy has been assigned to its client group in the SEPM, settings configured locally will not remain applied. It is recommended that managed SEP clients be configured by Firewall policies configured at the SEPM.)
1. Open Symantec Endpoint Protection Client.
2. Click "Change Settings".
3. Click "Configure Settings" for "Antivirus and Antispyware Protection Settings".
4. Click the tab labeled "Auto-Protect".
5. Click the button labeled "Advanced".
6. Change "Scan when a file is accessed or modified" to "Scan when a file is modified". *See below
7. Uncheck "Scan when a file is backed up".
8. Check “Do not scan files when trusted processes access the files”.
9. Click OK.
10. Click OK again .
11. Close Symantec Endpoint Protection Client.
Additional details about changing the "Scan files when" Option:
- Scan when a file is accessed or modified: Scans the files when they are written, opened, moved, copied, or run. Use this option for more complete file system protection. This option might have a performance impact because Auto-Protect scans files during all types of operations.
- Scan when a file is modified: Scans the files when they are written, modified, or copied. Use this option for slightly faster performance.
*Note: This option may permit threats to be executed from any removable media that is inserted. Please ensure proper steps are taken to avoid this.
Note: The setting "Scan when a file is backed up" applies only to files that are backed up. Auto-Protect scans the files that are restored from backup regardless of this setting.