Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

SEP 12.1 scanning mapped drives on workstations

Created: 20 Sep 2012 • Updated: 20 May 2013 | 22 comments
ThaveshinP's picture
This issue has been solved. See solution.

I have over 3000 clients that have home folders(mapped drives on the workstations) on a server. Server has 10TB of data - take too long to scan. Could I setup a scheduled scan to scan the mapped drive as well  (global setting). What impact will the scanning have on the performance of bother server and client.?

Comments 22 CommentsJump to latest comment

Ashish-Sharma's picture

HI Check this thread

https://www-secure.symantec.com/connect/forums/large-windows-file-server-sep-client-deployment-best-practice

pete_4u2002 Symantec Employee

from thread

https://www-secure.symantec.com/connect/forums/sep-heavily-used-fileservers#comment-4787611

 

For example, the default setting for Auto-Protect is set to scan all files accessed or modified. By changing this to only scan files that have been modified you should be able to alleviate some of the performance issue since files on the server would only be scanned by Auto-Protect if there were changes made to the file.

You would also want to ensure that Auto-Protect is not configured to scan files when they are being backed up.

I've linked some documents below that should provide some assistance with configuration changes to assist with performance while still keeping Auto-Protect enabled.

http://www.symantec.com/business/support/index?page=content&id=TECH102711

http://www.symantec.com/business/support/index?page=content&id=TECH92440

 

Thanks In Advance

Ashish Sharma

 

 

ThaveshinP's picture

Thanks for the info, but anyone confirm that when a scan starts any mapped drives on a workstation will be scanned?

Ashish-Sharma's picture

HI,

Check this artical may clear your doubt.

Does a Full Scan scan Mapped Network Drives

http://www.symantec.com/business/support/index?page=content&id=TECH96284

Thanks In Advance

Ashish Sharma

 

 

ThaveshinP's picture

I know that a local user can create a custom scan for a mapped drive.  What if a CUSTOM SCAN is created by an administrator on SEPM and sent to the client in a policy, will the CUSTOM SCAN scan mapped network drives ?

Is there a way then to duplicate a local user custom scan for mapped drives (network drive will not change)

on all machines either via script or policy?.

Ashish-Sharma's picture

If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM contex

http://www.symantec.com/business/support/index?page=content&id=TECH96284

 

What if a CUSTOM SCAN is created by an administrator on SEPM and sent to the client in a policy, will the CUSTOM SCAN scan mapped network drives ?

No since this scan runs under the SYSTEM context.

Is there a way then to duplicate a local user custom scan for mapped drives (network drive will not change)

on all machines either via script or policy?.

You can create Manually Custom Scan

How to setup a custom scan that will scan only one single folder in Symantec Endpoint Protection (SEP) 12.1?

http://www.symantec.com/business/support/index?page=content&id=HOWTO59048

Thanks In Advance

Ashish Sharma

 

 

.Brian's picture

You can also setup a box just to scan those shares. Just map to them and create a custom scan in the SEP client on the box and set it run however you need it.

SAV for NAS is another product offered that handles this, if you can afford it.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Yes, that does make sense Brian, so in this case, I'll create the custom scan job from the SEPM and logged in as DOMAIN\Administrator to do the scanning.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

You need to create the custom scan on the client itself which has the drives mapped to the NAS. Can't be done from the SEPM.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

Yes, thanks for the suggestion Brian, that is the solution that I use for now.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

ThaveshinP's picture

I have 3000 clients that will need the same scan done, and I do not want to scan on NAS. What is the best possible way to get all the machines to scan the mapped drive on custom but that can be distributed to all - dont want to manually go to each of the 3000 clients to setup a custom scan.

ThaveshinP's picture

Is it possible to create the custom scan on 1 machine and then copy the registry settings and export it to another machine ?

.Brian's picture

It would be if you knew exactly what keys to looks for and import. But this will prove difficult if you're dealing with 32 and 64bit machines and different operating systems. Assuming they're all the same, you could pull this off.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

doscan.exe is the only command line scanning tool.

Check this thread

http://www.symantec.com/connect/forums/automatic-scanning-mapped-network-drive

 

Thanks In Advance

Ashish Sharma

 

 

John Santana's picture

So what whill happens if the workstation is rebooted ? does the scan starts from the first file again or continues on ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Ashish-Sharma's picture

HI,

It's scanning again after system rebooted..

Thanks In Advance

Ashish Sharma

 

 

ThaveshinP's picture

Why is this not included as a feature - you have to run a dos command??

John Santana's picture

ThaveshinP,

How to include that as a command line ? I'm confused with the suggestion.

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

.Brian's picture

He's talking about doscan

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

John Santana's picture

ah ok, thanks Brian !

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

LeighT's picture

Creating scans to scan a mapped drive means that you could be creating more of a performance issue on the server and performing double scanning on specific files and folders if scheduled.

For example if the mapped drive is for example :

F:\Marketing

Why would you want say 200 people accessing the marketing folder to have a global scan placed on the AV policy to scan this mapped drive as it would be scanned 200 times at a scheduled time.

If each user has its own user data saved on a server, then I can understand doing this but I do not think this is possible in the product as a global setting using a user variable.

I would suggest breaking down the scans on the server that houses 10TB.

You can break them into custom scans for example:

Monday : Custom Scan scans Marketing folder and Sales folder and restrict scan to finish in so many hours.

Tuesday: Custom Scan scans Finance and IT folder and restrict scan to finish in so many hours.

And so on......

I would also recommend to the customer that they perform an archiving exercise on their data, but realistically I know some customers fight this but a lot of data exists on servers that say has not been accessed in the last say 4 years and can be archived and backed up and deleted.Has the customer done this?  This will make it more manageable from a security perspective and will even help with the time it takes to backup critical data. I am sure there backups are not even completing here. So the issues is bigger and by cleaning up you addressing several issues.

Its difficult with that amount of data and any product will battle scanning that much data.

Auto-protect will pick up the accessed and modified files but you will definitely pick up more malicious code if you perform scheduled scans as it scans all folders/files specified.

 

SOLUTION