Endpoint Protection

 View Only

  • 1.  Disable Scanning after Live Update on Unmanaged client

    Posted Dec 03, 2013 11:34 PM

    SEP unmanaged version 12.1:

     

    This is a followup to a similar issue:

    "The last two Windows 7 computers I have set up run multiple scans daily. This despite the fact that I disabled the active scan on startup and the scheduled active scan. When I review the virus and spyware scan log, I can see the scans that have been run. The only clue is "logged by" manual scan.

    It appears to happen at various times, 3 times a day. I can assure nobody is running these scans manually. Please advise."

    -----------------------------------------------------------

    Note: Any unexpected scedules have been verified and deleted in the registry as per instructions. 

    I understand that by default, once new definitions are loaded by Live update, SEP will automatically initiate one of the scheduled scans (if any exist). 

    However, I would like to disable this behavoir on an unmanaged client. 

    Since there is no checkbox available, is there a registry option for this behavior?

    Thanks,



  • 2.  RE: Disable Scanning after Live Update on Unmanaged client

    Broadcom Employee
    Posted Dec 03, 2013 11:45 PM

    if its becuase of new definition, it should read defwatch quick scan.

    can you post the scan log.



  • 3.  RE: Disable Scanning after Live Update on Unmanaged client
    Best Answer

    Posted Dec 04, 2013 12:02 AM

    If you want to disable scanning after virus defination update.

    Try this and change the registry entry

    You must set the following registry value: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Quarantine\DefWatchMode=3 (REG_DWORD).

    DefWatchMode
    value  action
    0          Automatically repair and restore files in Quarantine silently
    1          Repair the files in Quarantine silently without restoring
    2          Prompt user
    3          Do nothing

    If you wont be able to modify the registry if the tamper protection is enabled. disable it for a min make the changes

     

    Enabling, disabling, and configuring Tamper Protection in Endpoint Protection on unmanaged Clients

    http://www.symantec.com/business/support/index?page=content&id=TECH102688


  • 4.  RE: Disable Scanning after Live Update on Unmanaged client

    Posted Dec 04, 2013 12:09 AM

    The scan log never records such scans.  But in the Event Viewer, it shows scanner activity evidenced by false positive detections on files I restored but not excluded. 

    The scan log only records scans initiated on schedule or manual initiation.



  • 5.  RE: Disable Scanning after Live Update on Unmanaged client
    Best Answer

    Posted Dec 04, 2013 12:20 AM

    Above looks like it could be the solution.  See after next definition update.



  • 6.  RE: Disable Scanning after Live Update on Unmanaged client

    Posted Dec 04, 2013 12:40 AM

    Will wait for next update wink