Does Symantec Endpoint Protection scan NTFS Alternate Data Streams?
Article: TECH173434 | Created: 2011-11-02 | Updated: 2011-11-02 | Article URL: http://www.symantec.com/docs/TECH173434
Problem
Can the Symantec Endpoint Protection (SEP) product scan and detect virus or other malware stored within NTFS Alternate Data Streams?
Solution
Yes, Symantec Endpoint Protection 11.0 and 12.1 are able to scan and detect threats within NTFS Alternate Data Streams (ADS).
Realtime Protection or File System Auto-Protect can scan within Alternate Data Streams associated with both files and folders.
Alternate Data Streams (ADS) is a feature within the NTFS filesystem that can hold secondary content in addition to the main content of a file. For more information about the feature please see this article from Microsoft.
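To see which files and folders on a system actually carry alternate streams, an administrator can run an audit such as the following. This PowerShell script is an added example, not Symantec's code; the default `$Root` path and the `$Expected` allow-list are assumptions to adjust for the environment.

```powershell
# Added example: report every named (non-default) NTFS stream under a folder tree.
# $Root is an assumed starting path; point it at the volume or folder to audit.
param([string]$Root = 'C:\Users')

# Stream names Windows itself commonly writes (download zone marker).
# Assumption: anything not in this list deserves a closer look.
$Expected = @('Zone.Identifier')

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        try {
            # -Stream * returns all streams, including the unnamed main one (:$DATA).
            # Streams attached to folders are only returned by PowerShell 7.2 or later.
            Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction Stop |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path     = $item.FullName
                        IsFolder = $item.PSIsContainer
                        Stream   = $_.Stream
                        Length   = $_.Length
                        Expected = $Expected -contains $_.Stream
                    }
                }
        } catch {
            # Locked or access-denied items are skipped; record them for a later pass.
            Write-Warning "Could not read streams on $($item.FullName): $($_.Exception.Message)"
        }
    } |
    Sort-Object Expected, Path
```

Rows with `Expected` set to `False` sort first; those are the streams to review or submit for an on-demand scan.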
Examples of malware that utilize ADS include: