search cancel

Symantec Endpoint Protection interactions with network drives

book

Article ID: 164109

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You need to know more about the Symantec Endpoint Protection (SEP) client interaction with network drives.

Resolution

FAQ

 

Scanning of network drives

 

Q. Does an Administrator-Defined Scan scan the mapped network drives?

A. No, it does not. However, if a file located on the network drive is run locally on the client computer and loaded in the memory at the time of the scheduled Administrator-Defined Scan, the file will be scanned at the source of the network drive.

 

Q. Does a Full or Active Scan created locally by the end user scan the mapped network drives?

A. No, it does not. However, if a file located on the network drive is run locally on the client computer and loaded in the memory at the time of the Full or Active Scan, the file will be scanned at the source of the network drive.

 

Q. Is it possible to exclude files running from network drives from a Full or Active Scan?

A. It is possible to exclude files running from network drives using an Application Exception only. The SEP client will not honor file or folder exception for network drives using the UNC (i.e. \\<networkdrive_ip_address>). Instead, you should map UNC locations to a drive in Windows and should create mapped drive letter exceptions for the best performance and reliability.

 

Q. Is it possible to exclude files running from mapped network drives from Auto-Protect?

A. It is possible to exclude files running from mapped network drives from being scanned by Auto-Protect using:

- A folder exception configured with the path of the mapped network drive;

- A file exception configured with the path of the mapped network drive;

- An application exception.

 

Auto-Protect Network Settings

 

Q. How Scan files on remote computer works?

A. Whenever a file located on a remote computer will be executed (and accessed / modified if [Only when files are executed] option is disabled), Auto-Protect will scan it and if malicious will remove it from the remote computer.

 

Q. How Only when files are executed works?

A. This setting applies only when a file is executed, such as an .exe, .cmd, .dll etc. and does not apply to files such as .txt, .docx, etc. You can disable this option to scan all files on remote computers, but you might impact your client computer performance.

 

Q. What are the risk and benefit of disabling Scan files on remote computer?

A. The risk is that malicious files can be executed on the client computer from the remote one without being detected by Auto-Protect. The benefit would only be performance related.

Note: if the option to Scan files on remote computer is disabled because of performance issue, you should consider an Application Control policy to prevent unauthorized files from running.

 

Ask for a password before scanning a mapped network drive

 

Q. Where to find the option Ask for a password before scanning a mapped network drive?

A. The option Ask for  password before scanning a mapped network drive is available from the Virus and Spyware Protection policy under Windows Settings > Advanced Options > Global Scan Options > Scan Network Drive.

 

Q. When will the password be required?

A. The end user will be prompt for the password when:

  1. When right clicking the mapped network drive or any folders or files from it.

  1. When creating a local Custom Scan which would include mapped network drives.

 

Attachments