Files infected with a Virus are not removed from a shared storage location by Scan Engine
search cancel

Files infected with a Virus are not removed from a shared storage location by Scan Engine


Article ID: 153089


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS


You have located an infected file on a shared storage location and would like to know why Scan Engine has not removed the threat.

This threat may of been detected whilst scanning the storage location with a file system Antivirus application (such as Symantec Endpoint Protection).


This can happen for various reasons including the following:

- The "Scan policy" setup in Scan Engine is set to "Scan and Repair", preventing Scan Engine offering a verdict to delete the file if the threat cannot be removed.

- Scan Engine's Virus definitions are out of date,  possibly preventing Scan Engine from identifying a new type of threat.

- Virus Scanning is not enabled in Scan Engine.

- Scan Engine is configured to NOT scan the file type where a threat was found.

- Scan Engine is honoring the Read-Only attribute of the file, preventing the threat within the file being removed.


- Set the "Scan Policy"  to "Scan and Delete". This will allow Scan Engine to delete the infected file if it is not repairable.

- Ensure that Scan Engine's Virus definitions are updated.  Checking the "Enable scheduled LiveUpdate"  option and setting the "LiveUpdate interval" to 2 hours will ensure Scan Engine is retrieving the latest Virus definitions.

- Ensure that the "Virus Scanning" option is enabled in Scan Engine. This option can be found under Policies ->  Scanning in the web interface of Scan Engine.

- Check if Scan Engine is configured to scan the file type where the detection was found, this can be verified in the Policies ->  Scanning page.

- Modify the HonorReadOnly command to overwrite the read-only setting so that Scan Engine can repair or delete infected read-only files.

This is mentioned in the following articles for both the EMC and Netapp filers.


How to configure SPE for NAS for use with NetApp Filer



Applies To

- You are using Symantec Scan Engine in conjunction with a Netapp

- RPC or ICAP is the Communication Protocol selected in Scan Engine's configuration page