Enabling the scanning of symbolic links in Symantec Endpoint Protection for Linux

Article ID: 178294

Products

Endpoint Protection

Issue/Introduction

 

Resolution

For improved performance, the Symantec Endpoint Protection (SEP) client for Linux does not scan symbolic links, commonly referred to as symlinks or soft links, by default. This is a change in the scanning behavior from Symantec Antivirus (SAV) for Linux, which scanned symbolic links by default. 

However, to improve the client computer's security posture, you can enable the scanning of symbolic links. Enabling this scanning option affects manual scans, scheduled scans, and Auto-Protect scans.

Note: For both managed and unmanaged computers, you can configure this option only through the command line interface on the client. You cannot configure this option through a Symantec Endpoint Protection Manager (SEPM) policy.

Note: You must have superuser privileges to perform the following procedures. These procedures use sudo to demonstrate this elevation of privilege.
 

To enable the scanning of symbolic links

  1. On the Linux computer, open a terminal application window.
  2. Enter the following command: 
    sudo ./symcfg add -k '\Symantec Endpoint Protection\AV' -v ScanSoftlink -d 1 -t REG_DWORD
    Enter your password if prompted.
  3. When the command prompt returns, close the terminal application window.


To disable the scanning of symbolic links

  1. On the Linux computer, open a terminal application window.
  2. Enter one of the following commands:
    • To remove the ScanSoftlink option:
      sudo ./symcfg delete -k '\Symantec Endpoint Protection\AV' -v ScanSoftlink
    • To set the ScanSoftlink option to 0:
      sudo ./symcfg add -k '\Symantec Endpoint Protection\AV' -v ScanSoftlink -d 0 -t REG_DWORD
    Enter your password if prompted.
  3. When the command prompt returns, close the terminal application window.
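
Before changing the ScanSoftlink setting, it can help to know which symbolic links under a directory resolve to locations outside that directory, because those are the links where following them changes what is reached. The script below is an added example, not part of the Symantec article or product; the function name list_external_symlinks is hypothetical, and it assumes bash with GNU find and GNU readlink.

```shell
#!/usr/bin/env bash
# Added example (not Symantec code): inventory symbolic links under a tree.
# Assumes bash, GNU find and GNU readlink (coreutils).

# list_external_symlinks ROOT
# Prints one tab-separated line per symlink found under ROOT:
#   external <link> <resolved target>   target exists, outside ROOT
#   dangling <link> <raw link text>     target does not exist
# Links that resolve inside ROOT are not printed.
list_external_symlinks() {
    local root prefix link target
    # Canonicalise ROOT so comparisons use real paths, not aliases.
    root=$(readlink -f -- "$1") || return 1
    [ -d "$root" ] || return 1
    prefix=${root%/}            # empty when ROOT is "/", so "/"* matches all

    find "$root" -type l -print0 |
    while IFS= read -r -d '' link; do
        # readlink -e fails unless every path component exists.
        if ! target=$(readlink -e -- "$link"); then
            printf 'dangling\t%s\t%s\n' "$link" "$(readlink -- "$link")"
            continue
        fi
        case "$target" in
            "$root"|"$prefix"/*) ;;   # resolves inside ROOT: skip
            *) printf 'external\t%s\t%s\n' "$link" "$target" ;;
        esac
    done
}

# Stand-alone use: pass the directory to inspect as the first argument.
if [ "$#" -gt 0 ]; then
    list_external_symlinks "$1"
fi
```

Run it against each directory you scan; a long list of external links suggests a larger change in scan scope once links are followed.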