Endpoint Protection

 View Only

  • 1.  Automatic Detection on Managed Client SEP 12.1 RU6 ?

    Posted Sep 28, 2015 07:53 AM

    Hello,

    I am not a Linux expert. I am new on that domain.

    I have installed my first linux client following the great article

    http://www.symantec.com/connect/articles/how-install-symantec-endpoint-protection-1215-ru5-linux-operating-system.

    It is working, updating, reporting to the console.

    Nevertheless, something does not work as I would like, and I don't know if it is a normal behavior or not.

    Let me explain the situation.

    I have stopped the rtvscand service. Then, created a file with the EICAR test string signature, and then, started the rtvscand.

    When I open/edit the test file, it is removed by Symantec. But If I just browse the folder containg the test  file, it is not removed, even after 1 hour.

    Is that a normal behavior ?

    Does only real scan (scheduled or manual) can detect the virus test file ? or Autoprotect should find and destroy it ?

     

    Thank you for your help.

     

     

     



  • 2.  RE: Automatic Detection on Managed Client SEP 12.1 RU6 ?
    Best Answer

    Posted Sep 28, 2015 03:55 PM

    The file itself is not malicious. So it would only be caught if you 'action' the file (ie, open it) or during a scheduled scan.



  • 3.  RE: Automatic Detection on Managed Client SEP 12.1 RU6 ?

    Posted Sep 29, 2015 03:16 AM

    This is not the expected answer :) but if that is how it works, OK.

     

    Thank you ᗺrian for your answer.