Endpoint Protection

 View Only

  • 1.  SAV Not Scanning Symlinks; 0 Files Scanned

    Posted Mar 23, 2017 11:48 AM

    Using the following command:

    sav manualscan -s /home/home-dir-links/

    where home-dir-links is a directory that contains many symlinks. 

    The resulting log from this scan looks like this:

    root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 0   Files/Folders/Drives Omitted: 0"

    indicating that nothing was actually scanned. 

    SAV is supposed to scan symlinks by default. Am I missing something here? Any help would be greatly appreciated. 



  • 2.  RE: SAV Not Scanning Symlinks; 0 Files Scanned

    Posted Mar 23, 2017 12:30 PM

    Doesn't scan by default. See here:

    Enabling the scanning of symbolic links in Symantec Endpoint Protection for Linux



  • 3.  RE: SAV Not Scanning Symlinks; 0 Files Scanned

    Posted Mar 23, 2017 01:58 PM

    From that page:

    "This is a change in the scanning behavior from Symantec Antivirus (SAV) for Linux, which scanned symbolic links by default."

    I also ran:

    symcfg add -k '\Symantec Endpoint Protection\AV' -v ScanSoftlink -d 1 -t REG_DWORD

    Then restarted SAV and the problem persists when I scan again.



  • 4.  RE: SAV Not Scanning Symlinks; 0 Files Scanned

    Posted Mar 30, 2017 04:31 PM

    So I've updated SEP to 14.0.2332.0100. 

    I've verified that symlink scanning is enabled with 'symcfg -r list | grep ScanSoftlink'.

    '\Symantec Endpoint Protection\AV\ScanSoftlink   1       REG_DWORD' is present in the registry list. 

    I've restarted the symantec service several times and rebooted the server. Symantec is still not scanning symlinks. Still using 'sav manualscan -s /home/home-dir-links' where home-dir-links is a directory with a few thousand symlinks. 

    Anyone have anything else I can try?