Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Bloodhound detections on DoubleTake server

Created: 10 Jan 2013 | 4 comments

Hi

I keep getting bloodhound detections in data replicated from a remote server to a DoubleTake server.  Both servers have a SEP11 cleint installed.

The DT server has the DT program and queue folders excluded, and also the drives where the replicated data is copied to are excluded by drive letter.

However the detections seem to happen at a lower level than that of Windows drive letters, eg \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume7\replicated_files\document.doc

So some questions:

1. Can I exclude that location in a policy the same way I would for a drive letter?

2. Why is this detection happening at all - is there a problem with the way SEP11 interacts with DT

3. Is it better to just disable bloodhound on the DT servers?

Thanks

Comments 4 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

It's advisable you can upgrade latest version

Check this thread

http://www.symantec.com/connect/forums/bloodhound-detection-defwatch-file

How to enable, disable, or configure Bloodhound(TM) heuristic virus detection in Symantec Endpoint Protection.
Article:TECH92424  |  Created: 2009-01-17  |  Updated: 2011-05-11  |  Article URL http://www.symantec.com/docs/TECH92424

Thanks In Advance

Ashish Sharma

Brɨan's picture

It's a false positove, I would exclude on Dt servers

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

grumbleweed's picture

Hi Brian81 - any suggestions on how to exclude a location that is device name rather than a drive letter?

Brɨan's picture

Sorry, I meant disable bloodhound. I don't believe there is a way to exclude a device name.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.