Does Symantec Endpoint Protection scan NTFS Alternate Data Streams?

Article:TECH173434  |  Created: 2011-11-02  |  Updated: 2011-11-02  |  Article URL http://www.symantec.com/docs/TECH173434
Article Type
Technical Solution


Issue



Can the Symantec Endpoint Protection (SEP) product scan for and detect viruses or other malware stored within NTFS Alternate Data Streams?


Solution



Yes, Symantec Endpoint Protection 11.0 and 12.1 are able to scan and detect threats within NTFS Alternate Data Streams (ADS).

Realtime Protection or File System Auto-Protect can scan within Alternate Data Streams associated with both files and folders.

Alternate Data Streams (ADS) are a feature of the NTFS file system that can hold secondary content in addition to the main content of a file. For more information about the feature, please see this article from Microsoft.
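One way to audit a directory tree for named alternate data streams on files and folders with PowerShell. This is an added example, not part of the Symantec article; the function name `Get-AlternateStream`, the `Zone.Identifier` ignore list and the temporary sample file are assumptions made for illustration.

```powershell
# Added example: inventory named alternate data streams under a directory tree.
function Get-AlternateStream {
    param(
        [Parameter(Mandatory)][string]$Root,
        # Assumption: Zone.Identifier (download origin marker) is expected noise.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )
    # The root itself plus every child; -Force includes hidden and system items.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        # Folder streams may not be returned by older Windows PowerShell versions;
        # errors (access denied, unsupported item) are skipped rather than fatal.
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue
        foreach ($s in $streams) {
            if ($s.Stream -eq ':$DATA') { continue }            # unnamed main content
            if ($IgnoreStream -contains $s.Stream) { continue }
            [pscustomobject]@{
                Path     = $item.FullName
                IsFolder = $item.PSIsContainer
                Stream   = $s.Stream
                Length   = $s.Length
            }
        }
    }
}

# Constructed sample: a temporary file with one harmless named stream.
$dir = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $file -Value 'main content'
Set-Content -LiteralPath $file -Stream 'notes' -Value 'secondary content'

Get-AlternateStream -Root $dir | Format-Table -AutoSize
Remove-Item -LiteralPath $dir -Recurse -Force
```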

 

Examples of malware that utilize ADS include:

 





