SEP 12.1 scanning mapped drives on workstations
Created: 20 Sep 2012 | Updated: 20 May 2013 | 21 comments
This issue has been solved. See solution.
I have over 3000 clients that have home folders(mapped drives on the workstations) on a server. Server has 10TB of data - take too long to scan. Could I setup a scheduled scan to scan the mapped drive as well (global setting). What impact will the scanning have on the performance of bother server and client.?
Discussion Filed Under:
Group Ownership:
Comments 21 Comments • Jump to latest comment
HI Check this thread
https://www-secure.symantec.com/connect/forums/large-windows-file-server-sep-client-deployment-best-practice
from thread
https://www-secure.symantec.com/connect/forums/sep-heavily-used-fileservers#comment-4787611
For example, the default setting for Auto-Protect is set to scan all files accessed or modified. By changing this to only scan files that have been modified you should be able to alleviate some of the performance issue since files on the server would only be scanned by Auto-Protect if there were changes made to the file.
You would also want to ensure that Auto-Protect is not configured to scan files when they are being backed up.
I've linked some documents below that should provide some assistance with configuration changes to assist with performance while still keeping Auto-Protect enabled.
http://www.symantec.com/business/support/index?page=content&id=TECH102711
http://www.symantec.com/business/support/index?page=content&id=TECH92440
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Thanks for the info, but anyone confirm that when a scan starts any mapped drives on a workstation will be scanned?
HI,
Check this artical may clear your doubt.
Does a Full Scan scan Mapped Network Drives
http://www.symantec.com/business/support/index?page=content&id=TECH96284
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
I know that a local user can create a custom scan for a mapped drive. What if a CUSTOM SCAN is created by an administrator on SEPM and sent to the client in a policy, will the CUSTOM SCAN scan mapped network drives ?
Is there a way then to duplicate a local user custom scan for mapped drives (network drive will not change)
on all machines either via script or policy?.
If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM contex
http://www.symantec.com/business/support/index?page=content&id=TECH96284
What if a CUSTOM SCAN is created by an administrator on SEPM and sent to the client in a policy, will the CUSTOM SCAN scan mapped network drives ?
No since this scan runs under the SYSTEM context.
Is there a way then to duplicate a local user custom scan for mapped drives (network drive will not change)
on all machines either via script or policy?.
You can create Manually Custom Scan
How to setup a custom scan that will scan only one single folder in Symantec Endpoint Protection (SEP) 12.1?
http://www.symantec.com/business/support/index?page=content&id=HOWTO59048
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
You can also setup a box just to scan those shares. Just map to them and create a custom scan in the SEP client on the box and set it run however you need it.
SAV for NAS is another product offered that handles this, if you can afford it.
SEP Knowledge Base
Endpoint SWAT
Yes, that does make sense Brian, so in this case, I'll create the custom scan job from the SEPM and logged in as DOMAIN\Administrator to do the scanning.
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
You need to create the custom scan on the client itself which has the drives mapped to the NAS. Can't be done from the SEPM.
SEP Knowledge Base
Endpoint SWAT
Yes, thanks for the suggestion Brian, that is the solution that I use for now.
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
I have 3000 clients that will need the same scan done, and I do not want to scan on NAS. What is the best possible way to get all the machines to scan the mapped drive on custom but that can be distributed to all - dont want to manually go to each of the 3000 clients to setup a custom scan.
Is it possible to create the custom scan on 1 machine and then copy the registry settings and export it to another machine ?
It would be if you knew exactly what keys to looks for and import. But this will prove difficult if you're dealing with 32 and 64bit machines and different operating systems. Assuming they're all the same, you could pull this off.
SEP Knowledge Base
Endpoint SWAT
doscan.exe is the only command line scanning tool.
Check this thread
http://www.symantec.com/connect/forums/automatic-scanning-mapped-network-drive
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Agree with Ashish
So what whill happens if the workstation is rebooted ? does the scan starts from the first file again or continues on ?
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
HI,
It's scanning again after system rebooted..
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Why is this not included as a feature - you have to run a dos command??
ThaveshinP,
How to include that as a command line ? I'm confused with the suggestion.
Kind regards,
John Santana
Graduate IT Professional
--------------------------------------------------
Please be nice to me as I'm newbie in this forum.
He's talking about doscan
SEP Knowledge Base
Endpoint SWAT
Creating scans to scan a mapped drive means that you could be creating more of a performance issue on the server and performing double scanning on specific files and folders if scheduled.
For example if the mapped drive is for example :
F:\Marketing
Why would you want say 200 people accessing the marketing folder to have a global scan placed on the AV policy to scan this mapped drive as it would be scanned 200 times at a scheduled time.
If each user has its own user data saved on a server, then I can understand doing this but I do not think this is possible in the product as a global setting using a user variable.
I would suggest breaking down the scans on the server that houses 10TB.
You can break them into custom scans for example:
Monday : Custom Scan scans Marketing folder and Sales folder and restrict scan to finish in so many hours.
Tuesday: Custom Scan scans Finance and IT folder and restrict scan to finish in so many hours.
And so on......
I would also recommend to the customer that they perform an archiving exercise on their data, but realistically I know some customers fight this but a lot of data exists on servers that say has not been accessed in the last say 4 years and can be archived and backed up and deleted.Has the customer done this? This will make it more manageable from a security perspective and will even help with the time it takes to backup critical data. I am sure there backups are not even completing here. So the issues is bigger and by cleaning up you addressing several issues.
Its difficult with that amount of data and any product will battle scanning that much data.
Auto-protect will pick up the accessed and modified files but you will definitely pick up more malicious code if you perform scheduled scans as it scans all folders/files specified.
Thanks nice :)
Would you like to reply?
Login or Register to post your comment.