All files on an EMC Celerra Filer are still being scanned even after exclusions have been added in the Symantec Protection Engine Console for certain file extensions.

book

Article ID: 159368

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Scan Engine Protection Engine for NAS

Issue/Introduction

After adding files to the "File extension exclude list" in the Symantec Protection Engine Console under Policies > AntiVirus Scanning; I still see in the logs that these files are still being scanned when users access them on the EMC Filer.

Cause

File Exclusions added in the Protection Engine Console, are overridden by the AntiVirus settings on the EMC Celerra Filer.
ICAP commands can be issued to override settings.

Resolution

To properly exclude desired files from being scanned by the Symantec Protection Engine product please do the following.

1. On an EMC VNX/Celerra server the File Exclusion(s) should be added to the viruschecker.conf file, and the "virusshk" service restarted.
2. On an Isilon OneFS server in the web console under Data Protection > Antivirus > Settings please select "Scan all files except those with the following extensions or filenames", and add the file extension(s) you wish to exclude from scanning then click Submit.

For further information please refer to your EMC documentation for the NAS platform/software for your environment, or contact EMC support.

Additional notes:
Exclusion on Symantec Protection Engine are only for the AntiVirus.
File will still be streamed and will still be decomposed by Protection Engine.
Please note that Symantec Protection Engine is a passive Scanner and any exclusion have to be made a the source.