
Bloodhound detections on DoubleTake server

Created: 10 Jan 2013 | 4 comments

Hi

I keep getting Bloodhound detections in data replicated from a remote server to a DoubleTake server. Both servers have a SEP11 client installed.

The DT server has the DT program and queue folders excluded, and also the drives where the replicated data is copied to are excluded by drive letter.

However, the detections seem to happen at a lower level than that of Windows drive letters, e.g. \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume7\replicated_files\document.doc

So some questions:

1. Can I exclude that location in a policy the same way I would for a drive letter?

2. Why is this detection happening at all - is there a problem with the way SEP11 interacts with DT?

3. Is it better to just disable bloodhound on the DT servers?

Thanks

 


Ashish-Sharma

Hi,

It's advisable to upgrade to the latest version.

Check this thread

http://www.symantec.com/connect/forums/bloodhound-detection-defwatch-file

How to enable, disable, or configure Bloodhound(TM) heuristic virus detection in Symantec Endpoint Protection.

 

Article:TECH92424  |  Created: 2009-01-17  |  Updated: 2011-05-11  |  Article URL http://www.symantec.com/docs/TECH92424

 

Thanks In Advance

Ashish Sharma

 

 

.Brian

It's a false positive, I would exclude on DT servers.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

grumbleweed

Hi Brian81 - any suggestions on how to exclude a location that is device name rather than a drive letter?

.Brian

Sorry, I meant disable bloodhound. I don't believe there is a way to exclude a device name.
