Video Screencast Help

TruScan Proactive Threat Exception

Created: 05 Jul 2013 | 7 comments

Hello,

what exactly does Creating exceptions for TruScan Proactive Threat Scans mean? Is the process ignored if SEP identify it as a threat? Or are all activies by this process are ignored?

What I want to achieve: if I understood it correctly, every file on our fileserver will be scanned if the backup tool access it for backup. I want to configure SEP to ignore these file access.

Is the TrueScan Proactive Threat Exception the right way?

Kind regards,
Dennis

Operating Systems:

Comments 7 CommentsJump to latest comment

.Brian's picture

PTP is a heuristic based detection where it does behaviour analysis on the file. So this particular file would be excluded from PTP.

Here's what you can do.

Go into your AV policy.

Auto-Protect >> Advanced Scanning and Monitoring >> uncheck Scan when a file is backed up

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Disabling the "Scan when a file is backed up" would not scans the files when they are accessed during a backup operation.

Use this option if you did not run a virus check on the files that you want to back up.

Do not enable this option if you want to bypass Auto-Protect for the files that the client backs up. By using this option, you can significantly slow backup operations, because Auto-Protect scans each file that is included in the backup.

The setting applies only to files that are backed up. The client scans the files that it restores from a backup regardless of this setting.

You can lock or unlock this option to prevent or allow user changes.

Reference: https://www-secure.symantec.com/connect/forums/scan-when-file-backed

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your question.

In the SEPM Antivirus & Antispyware policy you can uncheck this option. By default this option is selected.

By doing uncheck this option you should achieve what you want.

Screenshot is attached to the reference.

Scan when a file is backed up_0.JPG

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

FunnyDingo's picture

This option is disabled.

But how can SEP differ between "normal files access" and "backup file access"? IMO for the filesystem (and filter drivers) it's only a simple read?

Chetan Savade's picture

Hi,

You should see performance improvement when the backup file access is unchecked.

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

.Brian's picture

Do you still require assistance? Please update the forum if you do or mark the thread that helped as "Solved" so it can benefit future users with the same question.

Thanks,
Brian
 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.