Endpoint Protection

  • 1.  SEP scanning \Device\HarddiskVolume2\PROGRAM FILES\etc

    Posted Nov 17, 2015 01:29 PM

    Hi....

     

    When I open "View File System Auto-Protect Statistics" I saw a lot of exclusions being scanned by SEP, shown with a path such as

    \Device\HarddiskVolume2\PROGRAM FILES (X86)\SYMANTEC\ for example, instead of showing c:\PROGRAM FILES (X86)\SYMANTEC\

    As I attached. The question is how can I configure exceptions for these situations? Why is SEP doing this?

    Thanks for any help!

     

     



  • 2.  RE: SEP scanning \Device\HarddiskVolume2\PROGRAM FILES\etc

    Posted Nov 17, 2015 01:33 PM

    \Device\Harddisk\Volume2 is the same as C:\

    Did you add in exclusions on the client or from the SEPM?
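
Added example, not part of the original thread and not Symantec code: a Python sketch that rewrites an NT device path such as the one in the statistics window to its drive-letter form and checks it against a list of excluded folders. The sample device map and the exclusion list are constructed; `query_device_map()` is a hypothetical helper that builds the real map on a Windows host with the Win32 `QueryDosDeviceW` call.

```python
import ctypes
import string
import sys
from pathlib import PureWindowsPath

# Constructed sample map (NT device name -> drive letter); host-specific in practice.
SAMPLE_DEVICE_MAP = {
    r"\Device\HarddiskVolume1": "D:",
    r"\Device\HarddiskVolume2": "C:",
}


def query_device_map():
    """Build the real device map on Windows by asking each drive letter for its target."""
    if sys.platform != "win32":
        raise OSError("QueryDosDeviceW is only available on Windows")
    mapping = {}
    buf = ctypes.create_unicode_buffer(1024)
    for letter in string.ascii_uppercase:
        drive = letter + ":"
        # Returns 0 when the drive letter is not assigned.
        if ctypes.windll.kernel32.QueryDosDeviceW(drive, buf, len(buf)):
            mapping[buf.value] = drive
    return mapping


def to_drive_path(nt_path, device_map):
    """Return the drive-letter form of an NT device path, or None if unmapped."""
    lowered = nt_path.lower()
    for device, drive in device_map.items():
        prefix = device.lower()
        # Requiring a path separator keeps HarddiskVolume2 from matching HarddiskVolume22.
        if lowered == prefix or lowered.startswith(prefix + "\\"):
            return drive + (nt_path[len(device):] or "\\")
    return None


def is_excluded(nt_path, exclusions, device_map):
    """True if the path equals, or lies under, one of the excluded folders."""
    dos_path = to_drive_path(nt_path, device_map)
    if dos_path is None:
        return False
    target = PureWindowsPath(dos_path)  # compares case-insensitively
    return any(
        target == PureWindowsPath(folder) or PureWindowsPath(folder) in target.parents
        for folder in exclusions
    )
```
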



  • 3.  RE: SEP scanning \Device\HarddiskVolume2\PROGRAM FILES\etc

    Posted Nov 18, 2015 06:32 AM

    Hi Brian, yes, the C:\etc\etc is in the exclusions, that is the problem....



  • 4.  RE: SEP scanning \Device\HarddiskVolume2\PROGRAM FILES\etc

    Posted Nov 18, 2015 06:36 AM

    What is the exact version of SEP that is running here?



  • 5.  RE: SEP scanning \Device\HarddiskVolume2\PROGRAM FILES\etc

    Posted Nov 18, 2015 08:52 AM

    Exclusions will also be scanned but no actions will be taken.

    Download this test file to an excluded folder and run a scan; if SEP does not detect it, then that folder is excluded.

    http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24461

    You can actually get a list of files scanned using VPdebug; however, I could find the same for Autoprotect, it's just real time on the console and it does not log it anywhere.

     

    https://support.symantec.com/en_US/article.TECH102939.html