Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Scan mapped Drive

Created: 23 Mar 2013 • Updated: 23 May 2013 | 8 comments
This issue has been solved. See solution.

Hi Team,

I have one network drive are available in every system.user are having copy and paste our data.

My question can SEP scan shared /Mapped drive ?

 

 

Comments 8 CommentsJump to latest comment

W007's picture

Hello,

Look this public Kb's and some discussion for same query

Does a Full Scan scan Mapped Network Drives

http://www.symantec.com/business/support/index?page=content&id=TECH96284

 

Some Discussion

https://www-secure.symantec.com/connect/forums/sep-121-scanning-mapped-drives-workstations

https://www-secure.symantec.com/connect/forums/how-can-symantec-endpoint-scans-samba-fileshare

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
.Brian's picture

If the scan was created by the user as on demand or scheduled scan than it will since it was created under the USER context. If the scan was created in the SEPM console than it will not since it runs under the SYSTEM context.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

K33's picture

If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM contex

http://www.symantec.com/business/support/index?page=content&id=TECH96284

Ajit Jha's picture

If the Full Scan was created by the local user as an On Demand or Scheduled Scan, then it will treat mapped drives as local drive and scan them since both the scan and mapped network drives are created under the user context. This is still the case if the AutoProtect option to scan network drives is disabled because that is an AutoProtect feature and does not have any bearing on local manual or scheduled scans.

FYR:

Article URL http://www.symantec.com/docs/TECH96284

 

Regard's

Ajit Jha

Technical Consultant

ASC & STS

Rafeeq's picture

If users are copying and pasting data from mapped drive to local drive then auto protect will take care of that.

Mithun Sanghavi's picture

Hello,

Mapped drives can be a transmission pathway for malicious code and they should therefore be managed carefully. Many threats will enumerate each drive letter on the system and attempt to copy themselves to that drive, allowing for rapid spread within a corporate network. It is best to only use these drive mappings when needed, and then ensure that the content is frequently scanned for malicious threats.

The first option to protect against autorun.inf threats is to disable the functionality across the network. If this is not an option, one specific technique that is particularly effective against autorun-based threats is to create folders named ‘autorun.inf’ in all root folders of mapped server volumes. These folders should be marked as System and Hidden with the read-only bit set. Write access for these folders should be revoked for all users. Any threat that attempts to create the autorun.inf file in the root directory of a mapped drive will not be able to do so. 

In SEP 12.1, If the Full Scan was created by the local user as an On Demand or Scheduled Scan, then it will treat mapped drives as local drive and scan them since both the scan and mapped network drives are created under the user context. This is still the case if the AutoProtect option to scan network drives is disabled because that is an AutoProtect feature and does not have any bearing on local manual or scheduled scans.

If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM context.

Does a Full Scan scan Mapped Network Drives?

http://www.symantec.com/business/support/index?page=content&id=TECH96284

Symantec Endpoint Protection Recommended Best Practices for Securing an Enterprise Environment

http://www.symantec.com/docs/TECH166816

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

AjinBabu's picture

Hi ,

By default real time protection technologies will do and please follow the KB TECH96284  for performing scan on a mapped drive.

Regards

Ajin

SameerU's picture

We can configure the scan Network Drives through SEPM

Regards