The real-time scanner in Symantec AntiVirus Corporate Edition causes the last accessed date stamp to change when a file is backed up

Article:TECH99324  |  Created: 2001-01-30  |  Updated: 2005-01-05  |  Article URL http://www.symantec.com/docs/TECH99324
Article Type
Technical Solution


Environment

Issue



Norton AntiVirus Corporate Edition 7.5x/7.6x, or Symantec AntiVirus Corporate Edition 8.0 (collectively referred to as Symantec AntiVirus) changes the last accessed date stamp on files when they are backed up using Arcserv or VERITAS. This causes problems when the backup software attempts to back up only those files that had been modified since the last backup.


Cause



When Symevnt detects a disk write, Auto-Protect must issue a file open to Windows to be able to scan the file(s) being created/moved. In the case of a file copy (backup) we must scan both the new file and the parent file thus AP makes a file open call to Windows for the parent file and the Backed up file(s). When a file open is issued, it is Windows that modifies the last access date. In our case here Arcserv is hacking around windows, which is similar to what we do get around this windows feature during a manual scan (stamping on the original accessed time after the file is scanned. QA marking this one reproduced but implementing a last access date hack for AP may be a daunting task.

Solution




Before you begin: If you experience the problems that are outlined in this document, upgrade to the latest version of each Symantec and VERITAS product. To learn how to obtain an upgrade, click the link that applies to your software product:


Under File System Real Time Protection, an option to ignore files being opened for backup has been added to the Norton AntiVirus Corporate Edition 7.61 inline release, and to Symantec AntiVirus Corporate Edition 8.0. If you have Norton AntiVirus Corporate Edition 7.60 or earlier, you must obtain the 7.61 version to resolve this. See the document How to obtain an update or an upgrade for your Symantec Corporate product for more information.

To disable the scanning of files opened for backup
1. Start Symantec AntiVirus.
2. Click Configure.
3. Click File System Real Time Protection.
4. Click Advanced.
5. Uncheck Opened for backup.
6. Exit Symantec AntiVirus.

This setting causes Symantec AntiVirus to ignore backup open calls, which are the specific APIs that are used by backup software. This enables Symantec AntiVirus to run real-time protection at the same time that real-time backups are taking place.




References
For additional information, see the document Norton AntiVirus Corporate Edition 7.61 inline Release Notes.





Legacy ID



2001053014495048


Article URL http://www.symantec.com/docs/TECH99324


Terms of use for this information are found in Legal Notices