Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Symantec endpoint protection: real-time protection not working

  • 1.  Symantec endpoint protection: real-time protection not working

    Posted Apr 15, 2013 09:59 PM

    Hi, the SONAR has been enabled by default in all clients but the real-time protection looks not working.

    We've got the virus detection just after the full scan been made. Kindly advise what should be the right configuration for this real-time protection to be executed when there's a virusdetection from a file or folder. Thank you in advance.



  • 2.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 15, 2013 11:46 PM

    hello,

    Lokk this discussion

    https://www-secure.symantec.com/connect/forums/best-practice-scan-schedule



  • 3.  RE: Symantec endpoint protection: real-time protection not working

    Broadcom Employee
    Posted Apr 16, 2013 12:32 AM

    did you test eicar? does it not show alert? check the risk log



  • 4.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 16, 2013 12:37 AM

    Hi,

    Please refer this.

    http://www.symantec.com/business/support/index?page=content&id=HOWTO54873



  • 5.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 16, 2013 12:41 AM
    Is the client showing that auto-protect is OFF or malfunctioning? Perhaps a screenshot may help so we can see what you're seeing.


  • 6.  RE: Symantec endpoint protection: real-time protection not working

    Broadcom Employee
    Posted Apr 16, 2013 03:30 AM

    Hi,

    Why do you think real time protection is not working?

    Make sure Virus & Spyware policy is applied with all the features inside it.

    If policy is assigned correctly then SEP should take correct action against the virus/threat.



  • 7.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 16, 2013 05:40 AM

    Hi

    What is the version of SEP

    Regards

     



  • 8.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 16, 2013 05:59 AM

    Hello.. version is 12.1. Because it seems that the virus has been detected only upon Full Scan been performed. There's no real time detection in client.



  • 9.  RE: Symantec endpoint protection: real-time protection not working

    Trusted Advisor
    Posted Apr 16, 2013 07:38 AM

    Hello,

    Real Time Protection OR Auto-Protect continuously inspects files and email data as they are written to or read from a computer. Auto-Protect automatically neutralizes or eliminates detected viruses and security risks.

    The Full Scan -  Scans the entire computer for viruses and security risks, including the boot sector and system memory.
     
    It will scan each file by starting with A to Z its not real time..Its manual or scheduled.
     
    A Full system scan are the antivirus and antispyware scans that detect known viruses and security risks. For the most complete protection, you should schedule occasional scans for your client computers. Unlike Auto-Protect, which scans files and email as they are read to and from the computer. A Full system scans detect viruses and security risks.

    A Full system scan detect viruses and security risks by examining all files and processes (or a subset of files and processes). A Full system scan can also scan memory and load points.

    A Full system scan does these...

    1. Scans the system memory and all the common virus and security risk locations. 

    2. Scans the entire computer for viruses and security risks, including the boot sector and system memory.
    Full scans can be scheduled Manually and also a Administrator Defined scans could be performed from SEPM.
     
    Reference:

    Information on Symantec Endpoint Protection Scans

    https://www-secure.symantec.com/connect/articles/information-symantec-endpoint-protection-scans

    About the types of scans and real-time protection

    http://www.symantec.com/docs/HOWTO55226

    Hope that helps!!



  • 10.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 17, 2013 11:25 PM

    Thanks for all the replies. Actually all features are on. What i understand is that if detection comes it should popup the alert or notification message will appear on client right?



  • 11.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 17, 2013 11:42 PM
    If you have it configured that way in the SEPM than yes it will.


  • 12.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 18, 2013 12:42 AM

     

    Hi, 

    If you configured to get the alerts it will pop up you.

    Auto Protect is the real time protection based on signatures, while any read writes happens to the system.

    SONAR also a real time protection which works on behavioral based signatures.

    On which point you suspect the Auto protect is not working? Can you post the logs/ screen capture of the same.

    Regards                                                                 

    Ajin



  • 13.  RE: Symantec endpoint protection: real-time protection not working

    Posted Apr 18, 2013 12:44 AM

    Hi,

    For that you have to set the policy from SEPM only, then client system will show the popup.