Does a Full Scan scan Mapped Network Drives?

Article:TECH96284  |  Created: 2009-01-22  |  Updated: 2012-04-27  |  Article URL http://www.symantec.com/docs/TECH96284
Article Type
Technical Solution


Environment

Issue



When a Symantec Endpoint Protection (SEP) client's Full Scan is run, are mapped network drives included in the scan?


Solution



If the Full Scan was created by the local user as an On Demand or Scheduled Scan, then it will treat mapped drives as local drive and scan them since both the scan and mapped network drives are created under the user context. This is still the case if the AutoProtect option to scan network drives is disabled because that is an AutoProtect feature and does not have any bearing on local manual or scheduled scans.

If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM context.

Additional Note on Accounts and Permissions

If a user account on a computer does not have sufficient access/permissions to the remote network share, then SEP scans and remediation attempts (delete, quarantine, clean etc) of items on that network share may fail.  A manual scan launched locally that is "Run as Administrator," or an admin account logged into the same computer running a SEP scan of the same mapped network drive, could conceivably have greater access/permissions and succeed in detecting and remediating malicious files there.



Legacy ID



2009092213060248


Article URL http://www.symantec.com/docs/TECH96284


Terms of use for this information are found in Legal Notices