Some files that are detected as infected by Symantec AntiVirus for Network Attached Storage 5.x, with the scan policy set to "scan and repair and delete", are not deleted off of the NetApp Filer by SAV for NAS

Symptoms
The Scan Engine log reports that the file in question was caught as infected but instead of listing the file Status as DELETED, Scan Engine reports NOT REPAIRED.

Infected files have the attribute set as "read only" By default, Scan Engine will not repair or delete infected files which have the Read Only file attribute set.

This could be caused by the Symantec AntiVirus for Network Attached Storage 5.x HonorReadOnly parameter.  By default SAV for NAS 5.x does not delete infected files that are read-only.  If the file we reported infected was read-only, SAV for NAS would not delete the file.  Rather SAV for NAS would report to the NetApp Filer that the file was infected, so that the Filer would block clients from accessing the file and we would log that we could not repair the file.  Since deleting was not an with HonorReadOnly set to true. 

To set the HonorReadOnly flag to false

1. At the command line, navigate to the installation location of Scan Engine.
2. At the command line, type the following command:
   xmlmodifier.exe -s /policies/Misc/HonorReadOnly/@value false policy.xml
   
3. Restart the Symantec Protection Engine (SPE) service to make the change effective

Technical Information

Best Practices for implementing Symantec Protection Engine for Network Attached Storage with a NetApp Filer

https://knowledge.broadcom.com/external/article?articleId=152420