Endpoint Protection

 View Only

  • 1.  TruScan Proactive Threat Exception

    Posted Jul 05, 2013 08:49 AM

    Hello,

    what exactly does Creating exceptions for TruScan Proactive Threat Scans mean? Is the process ignored if SEP identify it as a threat? Or are all activies by this process are ignored?

    What I want to achieve: if I understood it correctly, every file on our fileserver will be scanned if the backup tool access it for backup. I want to configure SEP to ignore these file access.

    Is the TrueScan Proactive Threat Exception the right way?

    Kind regards,
    Dennis



  • 2.  RE: TruScan Proactive Threat Exception

    Posted Jul 05, 2013 09:02 AM

    PTP is a heuristic based detection where it does behaviour analysis on the file. So this particular file would be excluded from PTP.

    Here's what you can do.

    Go into your AV policy.

    Auto-Protect >> Advanced Scanning and Monitoring >> uncheck Scan when a file is backed up

     



  • 3.  RE: TruScan Proactive Threat Exception

    Trusted Advisor
    Posted Jul 05, 2013 09:04 AM

    Hello,

    Disabling the "Scan when a file is backed up" would not scans the files when they are accessed during a backup operation.

    Use this option if you did not run a virus check on the files that you want to back up.

    Do not enable this option if you want to bypass Auto-Protect for the files that the client backs up. By using this option, you can significantly slow backup operations, because Auto-Protect scans each file that is included in the backup.

    The setting applies only to files that are backed up. The client scans the files that it restores from a backup regardless of this setting.

    You can lock or unlock this option to prevent or allow user changes.

    Reference: https://www-secure.symantec.com/connect/forums/scan-when-file-backed

    Hope that helps!!


  • 4.  RE: TruScan Proactive Threat Exception

    Broadcom Employee
    Posted Jul 05, 2013 09:30 AM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your question.

    In the SEPM Antivirus & Antispyware policy you can uncheck this option. By default this option is selected.

    By doing uncheck this option you should achieve what you want.

    Screenshot is attached to the reference.

    Scan when a file is backed up_0.JPG

     



  • 5.  RE: TruScan Proactive Threat Exception

    Posted Jul 08, 2013 03:06 AM

    This option is disabled.

    But how can SEP differ between "normal files access" and "backup file access"? IMO for the filesystem (and filter drivers) it's only a simple read?



  • 6.  RE: TruScan Proactive Threat Exception

    Broadcom Employee
    Posted Jul 08, 2013 07:14 AM

    Hi,

    You should see performance improvement when the backup file access is unchecked.



  • 7.  RE: TruScan Proactive Threat Exception

    Posted Jul 09, 2013 07:42 AM

    Hi

    Please refer the link below

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27055&actp=search&viewlocale=en_US&searchid=1373370047767

    Regards

     



  • 8.  RE: TruScan Proactive Threat Exception

    Posted Jul 09, 2013 09:49 AM

    Do you still require assistance? Please update the forum if you do or mark the thread that helped as "Solved" so it can benefit future users with the same question.

    Thanks,
    Brian