Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

How to set policy to scan C:\Users\*.* daily?

Created: 18 Sep 2012 • Updated: 18 Sep 2012 | 12 comments

Hourly IT person here.  We have Symantec Endpoint Security.  I'm adjusting the scan policies.

We have a daily active scan and a weekly full scan set up.

I'd like to add another daily scan of c:\users\*.* on each user's machine.  The custom scan settings only appear to scan certain folders in c:\users.  Those folder are fixed, and there's nothing for the entire c:\users on each machine.

I wouldn't mind setting up individual policies for each computer if I could do a scan on c:\users\user1 on one machine, c:\users\user2 on another machine. 

I'm just not seeing that level of control.  Is it possible to do this?

Comments 12 CommentsJump to latest comment

rmoc's picture

PS -- Where's the best place for this post?  I wanted it in a general SEP AV forum.  I got stuck in documentation....

Ashish-Sharma's picture

How to Create a Schedule Custom Scan for the Symantec Endpoint Protection Client ?

http://www.symantec.com/business/support/index?page=content&id=TECH96071

Thanks In Advance

Ashish Sharma

 

 

rmoc's picture

This is for a scheduled scan, setup/controlled on the management side.  It's possible to create a custom scan on the user side too, but then a box pops up when the scan runs.  And that's creating it on the individual computer.  I just want one policy applied to every computer in that group.

 

Under the policy editing side, admin-defined scans, I can add a new scan.  Set it to a scan type of custom.  When I edit the folders for that custom scan I can't get c:\users  or c:\users\*.*   If I could tell it to do that, I'd be set.  It's the same on each computer.

It's only got these folders for the custom scan...

common_appdata

common_desktopdirectory

common_documents

common_programs

common_startup

rogram_files

program_files_common

system

windows

 

I'm more concerned about scanning everything in the main user's folder for that computer.  If I could scan all the users, that's fine too.  Scanning c:\users sounded like less work policy-wise.

 

Am I stuck with SEP on this?  Is that the limit?  The custom scan looks like it's piecing out an active scan.  It's not looking that useful.

Ashish-Sharma's picture

Hi,

I have provide artical is you can create custom Scan at SEP client side.

How to Create a Schedule Custom Scan for the Symantec Endpoint Protection Client ?

http://www.symantec.com/business/support/index?page=content&id=TECH96071

What sepm version are you using ?

Thanks In Advance

Ashish Sharma

 

 

John Santana's picture

Hi,

would that cause any user performance issue ?

what about if the user account like Home Directory is on the file server ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Ashish-Sharma's picture

would that cause any user performance issue ?

No as a normal scan time.

what about if the user account like Home Directory is on the file server ?

You can set drive wise scan,

How to Schedule Scan on Symantec Endpoint Protection Managed and UnManaged Clients

http://www.symantec.com/business/support/index?page=content&id=TECH179307

Thanks In Advance

Ashish Sharma

 

 

John Santana's picture

Thanks Ashish !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

SMLatCST's picture

I'm afraid the only way to create a scan that targets a specific folder, is on a SEP Client.  The administrator defined custom scans as configured from the SEPM only allow the targetting of the "Common" folder types as you've found.

If you have a mandatory requirement to specifically scan your identified folders, then you may want to look into the doscan.exe function.  Just be aware, that as it is a client side function, you won't be able to manage its schedule from the SEPM and will have to investigate other means of managing it (i.e. Altiris/Windows Scheduled Tasks/etc).

More info on doscan.exe below:
http://www.symantec.com/docs/TECH104287

However, an Active Scan is usually sufficient, and scans the most common load points for threats and risks.

rmoc's picture

Hmm.  That stinks.  The point of getting SEP was to manage everything from one place.  It sounds like it's possible to do the scan on an individual computer, setting it up on that individual computer, but that's way more work.   And I've noticed the scan box pops up on the client side when the custom scan runs.

Maybe I'll run the custom scan at night if I go that direction.

 

Thanks for your help.

.Brian's picture

As a side note, you can create an Idea for this to get it voted on and reviewed and hopefully included in a future release.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

Go here:

https://www-secure.symantec.com/connect/security/i...

Same as creating a post, except select Idea under Create Content

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.