Video Screencast Help

Shared folder performance with AutoProtect Enabled vs Disabled

Created: 03 Jan 2014 • Updated: 17 Jan 2014 | 6 comments
This issue has been solved. See solution.

12.1.1000.157 RU1

Host of shared folder is an physical Windows 2003 Server Standard 32bit with 4GB RAM.

Mac clients use a shared folder on this server for storing images. There are about 10,000 images (generally, JPG, TIF and RAW) per folder within a number of folders inside the share.

If we Disable Symantec Endpoint Protection, the folder contents display within a few seconds. When enabled, the folder content listing appears to timeout but some reports indicate contents will eventually appear after some minutes.

Shoud I disable Auto Protect for this server/folder and instead schedule scans nightly (can you point me at instructions on how I go about this from the console)?

What are the recommended steps for dealing with this kind of issue?

Thanks

Operating Systems:

Comments 6 CommentsJump to latest comment

ᗺrian's picture

It's really up to you and what your requirement is.

Being that is a large directory being scanned, it may be best to disable AP and enable daily scans of the share.

It's never really recommended to disable AP but if work suffers because of it, you may need to go in this direction.

Login to the SEPM and go to your AV policy section.

You can create a new AV policy and once you open it go to the Administrator defined scans tab

Add a new scan here and edit as needed.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
P_K_'s picture

Disabling  Auto Protect for this server/folder  may not be a right idea. We can create a AV policy from the SEPM and customize it.

For the shared drive you can disable the network scanning.

Network settings provides the following options:
· Network

Enables or disables scanning on network drives

· Network Settings

When scanning is enabled on network drives, Auto-Protect scans files when a client computer or a server accesses them from a server. When network scanning is enabled, you can also enable Auto-Protect to trust remote versions of Auto-Protect and to use a network cache.

1. Disable Network Scanning from the Symantec Endpoint Protection Manager:
a. Under the Policies Tab, select Antivirus and Antispyware.
b. Click the policy you would like to modify and select Edit the Policy.
c. Click File System Auto-Protect.
d. Under Network Settings, disable Network.
e. Click OK.
f. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
g. Click Assign, then click YES.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

Riya31's picture

Before disabling autoprotect check with disabling NTP or you can Exclude mapped drive from autoprotect scan.

SebastianZ's picture

Disabling Auto-Protect is never recommended - you basically disabling the live scanning of antivirus itself basically leaving only schedule scan option - but scheduled scan may be already to late if the threat go onto your machine while auto protect was off.

Why not simply excluding this folder from Auto-Protect Scan:

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/docs/TECH183201

On the clients accessing the share you can as well disable network scanning for shared drives. Both those solution will be less harmful than disaling AP alltogether.

SOLUTION
Symntc Steve Ireland's picture

Thanks for the all information.

Based on comments above, I created a group specifically for this server and added an exceptions policy (using SebatianZ's link) to exempt one folder and the file types JPG, TIF & FFF from AutoProtect only (as this was an option). Hopefully this means that those excepted files & folders will still be scanned by the scheduled scans.

As disabling the SMC client on the server was what improved performance I didn't look at the Network Drives scanning exception on the clients as I didn't think this was necessary.

Having enabled the exceptions above, users report the performance is good. We accept the potential risk as the overhead of AutoProtecting these folders was too high (assuming auto protect is that "on-access/at file-open" scanning facility). I didn't except anything else (Insight, Scheduled scans or whatever).

Beppe's picture

Hi,

AutoProtect exclusions are valid for both realtime and scheduled scans, test it with EICAR files...

It is not recommended to exclude an entire shared folder, shared folders are often used by threats to spread in computer networks.

You may also set the AV on that system to scan files only when modified (and created) instead of at every access.

Regards,

Giuseppe