Endpoint Protection

 View Only
  • 1.  Omitting Files on Scan

    Posted Jan 20, 2010 03:31 PM
    We are having various issues with our full scans. The servers and a desktop are omitting 20-40% of their files. There should not be this many files in use at 2 am, and we have it set to scan all files and programs.

    Another piece of the puzzle is that we recently battled with a conficker/virut infection. We did remove all systems from the network and ran removal tools, then applied Norton and ran all Windows update. We were getting pinged by a missing machine - which turned out to be a tv which used as a monitor in the lobby - now disconnected.

    downadupB has popped up twice after the cleaning, but we don't know how - Norton is quarantining and deleting it. I would like to force a scan of ALL  files.

    Any advice for a fairly non-techie user?

    Thanks.


  • 2.  RE: Omitting Files on Scan
    Best Answer



  • 3.  RE: Omitting Files on Scan

    Posted Jan 20, 2010 03:46 PM

    By default SEP excludes certain folders like the SEPM db, exchange and AD... Apart from that. as Vikram has already told, decomposer engine failures.... You dont have to worry as long as SEP can pick the threat and quarantine (or any action) on it... If you repeatedly getting a threat in your network, then I guess we will have to take it seriously... We willl have to find out the damn source... for which I'd suggest you to enable "risk tracer" ... :)

    Cheers,
    Visu.



  • 4.  RE: Omitting Files on Scan

    Posted Jan 20, 2010 04:06 PM
    Thanks. I will make sure we run the Risk Tracer.

    So, that we are omitting about 60,000 files is not necessarily a problem? They are all listed as the "extraction error encountered by the Decomposer Engine"

    Thanks again.


  • 5.  RE: Omitting Files on Scan

    Posted Jan 20, 2010 04:15 PM
     That is correct ..omiited files are not a problem..however read other articles on downadup on how to be protected from it.


  • 6.  RE: Omitting Files on Scan

    Posted Jan 20, 2010 04:17 PM
    will do ... Thanks.