Solution
Use the following instructions to create a new client scheduled scan and/ or edit an old client scheduled scan from Symantec System Center with file exclusions:
To configure the scan
- Open the Symantec System Center.
- Right click on the Parent Server.
- Go to All Tasks> Symantec AntiVirus> Scheduled Scans.
- Click the Client Scans tab.
- Go to new or select an existing scan and click Edit> Scan Settings> Options.
- Check Exclude files and folders.
- Click on Folders.
- Type the complete path of the folder. (for example C:\Inetpub )
Note: One per line with no spaces at the beginning or at the end. You can only exclude folders and all sub-folders using this method
- Click OK until you are back to the Symantec System Center.
On the Parent Server
- Open the registry by clicking Start> Run.
- Type regedit.
- Go to HKLM\Software\Intel\Landdesk\VirusProtect6\CurrentVersion\ClientConfig\LocalScans\ClientServerScheduledScan_<number><number></number>
- If the client is in a client group go to HKLM\Software\Intel\Landdesk\VirusProtect6\CurrentVersion\Groups\<group name>\ClientConfig\LocalScans\ClientServerScheduledScan_<number><number></number>
- In the pane on the right, check that the value "HaveExceptionsDirs & HaveExceptionFiles" is "1", if not, change it to "1".
- Expand ClientServerScheduledScan_<number>.
- Go to NoScanDir Key.
- In the pane on the right, you will see the folders added above of REG_DWORD values.
- The title of each value will show the complete folder added above. Make sure that each of these has a value of 1 if it is not please change them to 1.
- Go to FileExceptions Key.
- Right click on the right and go NEW, then DWORD Value.
- Name the Value the path to the file. Example: C:\Windows\eicar.com
- Double click the DWORD value and set it to 1
- Exit registry editor.
- Note: you will have to go back into the SSC and go to back to all tasks> Symantec AntiVirus>Scheduled Scans and press ok (this commits the manual changes to the grc.dat).
Verification on the Parent Server:
- Go to %SYSTEMROOT%\Program Files\SAV\.
- Make a backup of the GRC.DAT file in case the original needs to be restored.
- Open GRC.DAT from the Symantec AntiVirus folder.
Note: Do NOT make any change to this file, only note that the information is here.
- Go to the local scan section which may look like this:
!KEY!=$REGROOT$\LocalScans\ClientServerScheduledScan_1\FileExceptions
GRC-State-Counter=D<number><number></number>
C:\windows\eicar.com=D1
!KEY!=$REGROOT$\LocalScans\ClientServerScheduledScan_1\NoScanDir
If these files exist, exit without saving.
Verification on the Client (It might take some time for settings to be replicated to the clients)
- Open the registry by clicking Start> Run.
- Type regedit.
- Go to HKLM\Software\Intel\Landdesk\VirusProtect6\CurrentVersion\ClientConfig\LocalScans\ClientServerScheduledScan_<number><number></number>.
- In the pane on the right, check that the value "HaveExceptionsDirs & HaveExceptionFiles" is "1", if not, change it to "1".
- Expand ClientServerScheduledScan_<number><number></number>.
- Go to NoScanDir Key.
- In the pane on the right, you will see exact the number of REG_DWORD values.
- The title of each value will show the complete folder or filename including its path and extension. Make sure that each of these has a value of 1 if it is not please change them to 1.
- You should now be able to run the scheduled scan from Symantec System Center.