Each time an On-Demand scan is run in Symantec Endpoint Protection for Linux (SEPFL), the "ctime" of the scanned files is changed. (An On-Demand scan is a manual or scheduled scan.) This may make it appear that the date / time on a scanned file has changed.
Note: Backup software relying on "ctime" to track file changes may perform unwated backups following a scan.
In SEPFL, the default behavior can be changed by modifying the "NoFileMod" configuration setting. To modify this setting, follow the steps below:
This will change the behavior of the On-Demand scanning in Symantec AntiVirus for Linux so that the "atime" alone is modified.
SAVFL Maintenance Release 4 (version 1.0.4) or higher
SEPFL, all versions