ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Expected behavior for remote file scanning with Endpoint Protection for Linux

book

Article ID: 172448

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection for Linux (SEPFL) includes the option to 'Scan files on remote computers' for Auto-Protect/real time scans but not the other scan types. This may result in unexpected results.

Environment

Linux

Resolution

Scan Type Scan files on remote computers = Enabled Scan files on remote computers = Disabled
Real Time Scan Detects malicious files when accessed, modified, copied or altered. Does not detect any malicious file.
Manual Scan Detects malicious files when requested for scan. Detects malicious files when requested for scan.
User Defined Scan Detects malicious files when requested for scan. Detects malicious files when requested for scan.
Scheduled Scan Detects malicious files when requested for scan. Detects malicious files when requested for scan.

 

In the event a softlink that references a malicious file on a remote computer is present, Auto-Protect will detect and act on the malicious file while the option is enabled. When the option is disabled, Auto-Protect will leave the malicious file alone. Manually scanning the softlink results in the softlink being excluded.