Does Symantec Endpoint Protection scan NTFS Alternate Data Streams?
|Article:TECH173434|||||Created: 2011-11-02|||||Updated: 2011-11-02|||||Article URL http://www.symantec.com/docs/TECH173434|
Can the Symantec Endpoint Protection (SEP) product scan and detect virus or other malware stored within NTFS Alternate Data Streams?
Yes, Symantec Endpoint Protection 11.0 and 12.1 is able to scan and detect threats within NTFS Alternate Data Streams (ADS).
Realtime Protection or File System Auto-Protect can scan within Alternate Data Streams associated with both files and folders.
Alternate Data Streams (ADS) is a feature within the NTFS filesystem that can hold secondary content in addition to the main content of a file. For more information about the feature please see this article from Microsoft.
Examples of malware that utilize ADS include:
Article URL http://www.symantec.com/docs/TECH173434