Preventing AutoProtect from scanning files on read

Article ID: 152451

Products

Endpoint Protection

Issue/Introduction

You need to prevent the Auto-Protect component of Symantec Antivirus for Linux (SAVFL) from scanning files as they are read.

Resolution

Symantec recommends leaving the Auto-Protect scan settings for SAVFL at their defaults to provide the highest level of security. The following procedure lowers the security level of your computer: Auto-Protect will no longer scan files as they are read, but will still scan files when they are executed, created, or modified. This can prevent failures in some applications that frequently access many large and/or compressed files.

Configuring Auto-Protect

  1. Change directories to the SAVFL installation directory (default /opt/Symantec/symantec_antivirus).
  2. Enter the following command:
    ./symcfg add -k "\Symantec Endpoint Protection\AV\Storages\FileSystem\RealTimeScan" -v Reads -d 0 -t REG_DWORD

 

Confirming the settings

  1. Run the following command:
    cat /proc/symap | grep flags

  2. Confirm that the output of the command contains a lower-case "rd" flag instead of an upper-case "RD" flag. For example: flags=0xdd (WR:rd:EX HC FL:ne:RM:FX:dy t0 nr)
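
The confirmation step above can be scripted so that a configuration audit reports whether scan-on-read is active on a host. This is an added example, not Symantec's code: the function names are hypothetical, the sample line is the article's own example output, and the script interprets only the RD/rd token the article describes.

```shell
#!/bin/sh
# Added example: report whether Auto-Protect scans files on read, using the
# "flags" line of /proc/symap as described in the article.
# Per the article: upper-case RD = reads are scanned, lower-case rd = not scanned.
# No other token is interpreted here.

# Sample input taken from the article's example output.
SAMPLE_FLAGS='flags=0xdd (WR:rd:EX HC FL:ne:RM:FX:dy t0 nr)'

# read_scan_state LINE -> prints "enabled", "disabled" or "unknown"
read_scan_state() {
    # Keep only the text inside the parentheses, then split it into tokens.
    tokens=$(printf '%s\n' "$1" |
        sed -n 's/^.*flags=[^(]*(\(.*\)).*$/\1/p' | tr ':' ' ')
    state=unknown
    for t in $tokens; do
        case "$t" in
            RD) state=enabled ;;
            rd) state=disabled ;;
        esac
    done
    printf '%s\n' "$state"
}

# check_symap [FILE] -> returns 0 if reads are not scanned,
#                       1 if reads are scanned, 2 if it cannot be determined
check_symap() {
    src=${1:-/proc/symap}
    line=
    if [ -r "$src" ]; then
        line=$(grep flags "$src" | head -n 1)
    fi
    case "$(read_scan_state "$line")" in
        disabled) return 0 ;;
        enabled)  return 1 ;;
        *)        return 2 ;;
    esac
}

# Demonstration on the embedded sample (runs without SAVFL installed).
printf 'sample: scan-on-read is %s\n' "$(read_scan_state "$SAMPLE_FLAGS")"
```

On a host with SAVFL installed, call `check_symap` with no argument to read /proc/symap and use its return code in an audit job.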

 

Additional information on exclusions can be found in the Connect forum article SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide.