Video Screencast Help

How to completely exclude an optical drive from scanning file contents while they are accessed?

Created: 08 Jan 2013 • Updated: 29 Jan 2013 | 1 comment
This issue has been solved. See solution.

According to this article:

http://www.symantec.com/business/support/index?page=content&id=TECH102256

When I insert a media onto a CD/DVD/BD optical drive, no scanning will take place as soon as the media is inserted. But every file on the media is scanned when I get access to any of them.

Now my question.

I have about 30 SEP 12.1.2 (RU2) clients and a SEP Manager installed onto a Windows 2003 R2 x86 server.

In a clinic, a customer uses several CD-ROMs, each containing a lot (several hundreds) of radiological images. When he browse them with a viewer, Symantec Endpoint Protection starts to check for viruses, and image browsing freezes for several minutes, making impossible to practically use the application.

How can I prevent every type of CD scanning by SEP Manager policy? Exclusions works, but only by drive letter, I wonder if there is a smarter way to specify it, maybe by device type... This method could be more effective, especially on some clients where the DVD/CD-ROM drive is not linked to the usual D: letter...

Any ideas?

Thank you,

Leonardo.

Comments 1 CommentJump to latest comment

Mithun Sanghavi's picture

Hello,

Do you want to exclude CD/DVD/BD drives from scanning??

In your case, you can also configure individual scans to scan only certain extensions and skip any other extensions.

See About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans.

The File System Auto-Protect scan is the only type which would automatically scan a CD/DVD/BD/USB drive connected to the system. This type of scan, by default, would only run when a file is accessed or modified (scans the files when they are written, opened, moved, copied, or run).

This means that if any infections/threats present on the CD/DVD/BD/USB drive attempt to access or modify any of the content on the system, it would be detected. The detection mechanism within File System Auto-Protect ensures safety from threats present on the CD/DVD/BD/USB drives.

Symantec Antivirus does not currently run an automatic System Scan on the contents of flash drives when they are first plugged in. A manual scan on the contents of a flash drive can be initiated by right-clicking on the drive in My Computer and choosing Scan for Viruses.

http://www.symantec.com/docs/TECH102573

You could also change the following File System Auto-Protect setting in Symantec Endpoint Protection Manager for each client group by - 

a. Click on Clients, Policies Tab, select Virus and Spyware Protection policy – Balanced, click Edit Shared.

b. Within Protection Technology, click on Auto-Protect, Click Advanced Scanning and Monitoring.

c. Click on Scan Details tab, select Scan when a file is modified, click OK and click OK once again.

Check this Article:

What are the differences between Symantec Endpoint Protection's Auto-Protect settings "Scan when a file is accessed or modified" and "Scan when a file is modified"?

http://www.symantec.com/docs/TECH197809

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION