search cancel

Endpoint Protection for Linux: "ctime" is changed after running an On-Demand scan


Article ID: 158837


Updated On:


Endpoint Protection


Each time an On-Demand scan is run in Symantec Endpoint Protection for Linux (SEPFL), the "ctime" of the scanned files is changed. (An On-Demand scan is a manual or scheduled scan.) This may make it appear that the date / time on a scanned file has changed.

Note: Backup software relying on "ctime" to track file changes may perform unwated backups following a scan.


In SEPFL, the default behavior can be changed by modifying the "NoFileMod" configuration setting. To modify this setting, follow the steps below:

  1. Open a terminal window
  2. Navigate to /opt/Symantec/symantec_antivirus directory
  3. Type: sudo ./symcfg add -k '\Symantec Endpoint Protection\AV' -v NoFileMod -d 1 -t REG_DWORD

This will change the behavior of the On-Demand scanning in Symantec AntiVirus for Linux so that the "atime" alone is modified.



Applies To

SAVFL Maintenance Release 4 (version 1.0.4) or higher
SEPFL, all versions