Endpoint Protection for Linux: "ctime" is changed after running an On-Demand scan

book

Article ID: 158837

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Each time an On-Demand scan is run in Symantec Endpoint Protection for Linux (SEPFL), the "ctime" of the scanned files is changed. (An On-Demand scan is a manual or scheduled scan.) This may make it appear that the date / time on a scanned file has changed.

Note: Backup software relying on "ctime" to track file changes may perform unwated backups following a scan.

Resolution

In SEPFL, the default behavior can be changed by modifying the "NoFileMod" configuration setting. To modify this setting, follow the steps below:

  1. Open a terminal window
  2. Navigate to /opt/Symantec/symantec_antivirus directory
  3. Type: sudo ./symcfg add -k '\Symantec Endpoint Protection\AV' -v NoFileMod -d 1 -t REG_DWORD

This will change the behavior of the On-Demand scanning in Symantec AntiVirus for Linux so that the "atime" alone is modified.

 

 

Applies To

SAVFL Maintenance Release 4 (version 1.0.4) or higher
SEPFL, all versions