Endpoint Protection

 View Only

  • 1.  Linux system scan shows 1000s of files/folders as skipped

    Posted Oct 16, 2017 02:09 PM
      |   view attached

    Hello,  We are on SEP version 14 MP2. Whenever i scan my linux endpoints, the scan result in the SEP Manager shows 1000s of files/folders as skipped on the endpoint.  I am running the scan as root user and we don't have any exceptions configured. How can i get a list of files/folders that were skipped during the scan ?  I am disappointed that the SEP Manager doesn't even show details of directories that were skipped.  Morever, there isn't even any log file generated on the local linux endpoint itself that logs these details .

     

     

     



  • 2.  RE: Linux system scan shows 1000s of files/folders as skipped

    Posted Oct 16, 2017 02:17 PM

    Is there any exceptions in place that may be causing this? I don't see anything in the release notes to indicate this is a bug.



  • 3.  RE: Linux system scan shows 1000s of files/folders as skipped

    Posted Oct 16, 2017 02:24 PM

    Thanks for replying Brian. No we don't have any exceptions configured in the SEP Manager console.  If i click on "Policies >> Exceptions" in the SEP Manager console, it shows only 1 default policy that was created automatically during the installation. This doesn't have anything listed underneath it.

     



  • 4.  RE: Linux system scan shows 1000s of files/folders as skipped

    Posted Oct 16, 2017 03:50 PM
    I'm not 100% sure on the linux client, but the windows client keeps track of all files scanned within a given virus definition through a file scan cache. If a file has already been touched by a def scan or autoprotect it will be skipped until Symantec releases a new set of definitions. My guess is that the files you are seeing being skipped has already been scanned.


  • 5.  RE: Linux system scan shows 1000s of files/folders as skipped

    Posted Oct 16, 2017 04:24 PM

    Thanks Torb. The virus scan on the linux endpoint was the 1st manual scan that i ran on that system immediately after installing the AV. If the 1st scan is itself showing 1000s of directories omitted then as an end user it would be nice to know what is causing it. Tech support has no clue about it. I already have a ticket open and they don't have an answer.  Thanks for your suggestion that if a file has already been touched by auto protect, it will be skipped. But i couldn't find this documented anywhere.

     



  • 6.  RE: Linux system scan shows 1000s of files/folders as skipped

    Posted Oct 16, 2017 04:53 PM

    See https://support.symantec.com/en_US/article.TECH191600.html



  • 7.  RE: Linux system scan shows 1000s of files/folders as skipped
    Best Answer

    Posted Jan 09, 2018 11:45 AM

    FYI it turns out that the files skipped were from the Linux virtual filesystems /proc/ etc. The local /var/log/syslog or dmesg will show the directories being skipped.