Hello,
I am not a Linux expert. I am new on that domain.
I have installed my first linux client following the great article
http://www.symantec.com/connect/articles/how-install-symantec-endpoint-protection-1215-ru5-linux-operating-system.
It is working, updating, reporting to the console.
Nevertheless, something does not work as I would like, and I don't know if it is a normal behavior or not.
Let me explain the situation.
I have stopped the rtvscand service. Then, created a file with the EICAR test string signature, and then, started the rtvscand.
When I open/edit the test file, it is removed by Symantec. But If I just browse the folder containg the test file, it is not removed, even after 1 hour.
Is that a normal behavior ?
Does only real scan (scheduled or manual) can detect the virus test file ? or Autoprotect should find and destroy it ?
Thank you for your help.