Endpoint Protection

  • 1.  SEP 12.1 Automatic Scan

    Posted Mar 19, 2014 03:22 PM

     

    What's up group!

    Before I clobber my sys admin about this I wanted to rule out something on the local machines we have. Ever since we upgraded to SEP version 12 from 11, every time a new definition is added, the computer starts to scan. We see nothing in the SEP scan window. No processes referencing SEP scanning. Nor do we see anything in the logs. But all machines definitely start to scan as soon as the def reaches the machine. Our sys admin said that the option to do this in the management console is off.

    Anyone know what would cause this behavior?



  • 2.  RE: SEP 12.1 Automatic Scan

    Posted Mar 19, 2014 03:23 PM

    They scan when new defs arrive. This option is in the AV policy, which you can change/disable. See here:

    http://www.symantec.com/docs/TECH106098



  • 3.  RE: SEP 12.1 Automatic Scan

    Posted Mar 19, 2014 03:27 PM

     

    Thanks _Brian!

    Sorry, how exactly would I get to that?



  • 4.  RE: SEP 12.1 Automatic Scan

    Posted Mar 19, 2014 03:29 PM

    Here it is:

    http://www.symantec.com/docs/TECH106098



  • 5.  RE: SEP 12.1 Automatic Scan

    Posted Mar 19, 2014 09:58 PM

    Hi Harper,

     

    To disable the active scan:

    Access the SEPM console>

    Go to Policy Tab>

    Select your applied AV policy>Right Click, Edit>

    Go to Administrator-Defined Scan>

    Uncheck Run an Active Scan when new definitions arrive>

    Click OK to save changes>

    Then Apply the AV policy to your clients>

     

    Please see attached screenshot for your reference.

     

    Regards,

    JM

     



  • 6.  RE: SEP 12.1 Automatic Scan

    Posted Mar 20, 2014 01:09 PM

    Thanks for the response guys! I just checked with our sys admin and he said this is exactly how it's set up.

    They have it set to the exact way the screenshot you guys sent has it.

     

    Any other tricks?



  • 7.  RE: SEP 12.1 Automatic Scan

    Posted Mar 20, 2014 01:20 PM

    Do you have "Run an Active Scan when new definitions arrive" unchecked?

    See this thread

    https://www-secure.symantec.com/connect/forums/disabling-triggered-scans-sep-121



  • 8.  RE: SEP 12.1 Automatic Scan

    Posted Mar 20, 2014 01:22 PM

    Yes. It's unchecked. I have a screenshot of it here:

     

    SEPconsole.png



  • 9.  RE: SEP 12.1 Automatic Scan

    Posted Mar 20, 2014 01:25 PM

    Call Support and get the tool to remove all the previously defined scans (I don't remember the name).

    Run it on the box; it should remove those.

    This happens if you have upgraded from 11.x to 12.1, where you might have had this setting configured in 11.x.



  • 10.  RE: SEP 12.1 Automatic Scan

    Posted Mar 20, 2014 01:25 PM

    You might also try disabling the rescan of the file cache on def update, which is separate from the options already mentioned above.

    http://www.symantec.com/docs/HOWTO27136

    This is found in the Virus and protection policy, under Auto-Protect -> Advanced -> File Cache -> Untick the option to "rescan cache when new definitions arrive".

    Note: this rescanning of the cache is only a performance setting, and does not affect security.

    Essentially, all the file cache does is keep track of files SEP believes to be clean. The "rescan on new definitions" is there just to front-load the effort of making sure these files, previously thought to be clean, are still clean. Without the rescan, SEP just waits until the file is accessed again to scan it with Auto-Protect.