
Scanning running processes

Created: 11 Oct 2012 | 7 comments

I'm running SEP11 AV only on server OS systems, is it going to scan running processes? Do I/Should I exclude processes, is that needed on servers?

 

Thanks!


pete_4u2002's picture

Autoprotect will scan whenever a file is accessed or modified. Scheduled scan will scan all the files and processes. Heuristic scanning will scan the processes.

 

.Brian's picture

Since you're running only autoprotect, by default it will scan when a file is accessed or modified and backed up.

You can change this in the policy if you wish.

But no, no running services will be scanned. That is the job of SONAR, which you don't use.

Autoprotect is only for files, not services.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

In your case, you have only AV/AS component installed on the Server.

Auto-Protect is preset to scan all files and processes. It may complete scans faster by scanning only files with selected extensions.

Active Scan - Scans the system memory and all the common virus and security risk locations on the computer quickly. The scan includes all processes that run in memory, important Windows registry files, and files like config.sys and windows.ini. It also includes some critical operating system folders.

A Full system scan detects viruses and security risks by examining all files and processes (or a subset of files and processes). A Full system scan can also scan memory and load points.

Reference: 

Information on Symantec Endpoint Protection Scans 

https://www-secure.symantec.com/connect/articles/information-symantec-endpoint-protection-scans

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

aa23's picture

So, the confirmation that I need is that, since I don't run PTP, and I believe it's not supported on server OSes, running processes are not scanned. Is this correct?

Thanks all!

.Brian's picture

It's partially supported. But correct. If you don't use it, running processes will not be scanned.


Mithun Sanghavi's picture

Hello,

Correct. In SEP 11.x, PTP is not supported on Server OS and/or 64-bit OS.

Check these Articles: http://www.symantec.com/docs/TECH97928

and

http://www.symantec.com/docs/TECH104987

Hope that helps!!
Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


Seyad's picture

This might be of additional info.

File System Auto-Protect: Scans files on hard drive (File System) that are accessed/modified in real time, for known infections. It doesn't scan Processes.

Bloodhound (Part of Auto-Protect): Scans the files on hard drive based on heuristics.

Scheduled Full Scan: Scans the entire hard drive and the processes running in the machine, for known infections. No heuristics.

Scheduled Active Scan: Scans the common load points and the processes running in the machine, for known infections. No heuristics.

Truscan: Scans the processes running in the machine based on heuristics.

I believe that the only Process related Exclusion that you can add in SEP 11.0 is for Truscan. Since Truscan doesn't work on servers, you need not exclude any processes.

 

Cheers.