How to configure Symantec AntiVirus for Linux using a GRC.DAT file

Article:TECH93386  |  Created: 2009-01-10  |  Updated: 2013-01-24  |  Article URL
Article Type
Technical Solution



You would like to know how to configure exclusions, scheduled scans, and other options in SAVFL (Symantec AntiVirus for Linux).


You can configure Linux client computers globally using the GRC.DAT file from the Windows Symantec AntiVirus product, in the following ways:

  • Use the GRC.DAT file that the Symantec System Center creates on a Windows Symantec AntiVirus parent server.
  • Use the Configuration Editor tool (ConfigEd) on a Windows computer that has Symantec AntiVirus installed to create a GRC.DAT file.

For more details on ConfigEd, the Windows tool you can use to create a GRC.DAT file, please see Management of Symantec AntiVirus (SAV) for Linux.

Important Points

You can save the configuration file that you create either as the default name GRC.DAT or with a name that you specify. But, before you roll out the configuration file to your Linux client, it must be renamed to GRC.DAT (all uppercase).

GRC.DAT files are text files that can be edited manually using a text editor. Symantec AntiVirus Linux clients support GRC.DAT files with either Windows or Linux line endings but the file may not be in Unicode format.

When manually editing and re-applying the same GRC.DAT file to a SAVFL installation, be sure to change the GRC-State-Counter value in the GRC.DAT file increasing it by one. This value is recorded by SAVFL and if a new GRC.DAT does not have a different GRC-State-Counter then the settings in the file will be ignored. ConfigEd automatically updates this value whenever it saves a GRC.DAT file.

File paths and names that you specify in the GRC.DAT are not checked for accuracy, and you must be careful to use the correct case in Linux applications. Also, you must use the Linux-style forward slash in path names, rather than the Windows-style back slash, otherwise exclusions will be ignored. Be careful also to specify folder exclusions using full paths with a leading slash, otherwise it may be ignored.

To roll out the GRC.DAT file to your Linux client, simply copy it to the /var/symantec directory. GRC.DAT files are automatically imported by SAVFL every ten minutes.
To trigger immediate GRC.DAT processing:

  • Use the symcfg command line interface to set the value of \Symantec Endpoint Protection\AV\ProductControl\ProcessGRCNow to 1
    (command line: symcfg add -k '\Symantec Endpoint Protection\AV\ProductControl' -v ProcessGRCNow -d 1 -t REG_DWORD)
  • or simply restart the rtvscand process (eg. with command line: /etc/init.d/rtvscand restart)

To view all SAVFL configuration options, use the command line symcfg -r list and optionally route the output to a file for viewing with a text editor. For finer control of the symcfg command, See the Symantec AntiVirus™ for Linux® Implementation Guide (SAV_Linux_Impl.pdf) and "Using the symcfg CLI to interact with the Symantec AntiVirus configuration database".

All Linux command lines for SAVFL should normally be executed within /opt/Symantec/symantec_antivirus


Supplemental Materials


Legacy ID


Article URL

Terms of use for this information are found in Legal Notices