When a USB storage device is plugged into the Windows system, SEPs AutoProtect component generates an event. Note:
This scan does not scan memory or loadpoints and is disabled by default.
The following registry key and values must be created on the client systems to enable this functionality as there is no configuration available from the SEP Manager at this time.
- Tamper Protection must be disabled on the SEP client endpoint before making registry key changes.
- To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results.
- Alternately, click Start > Run, enter regedit, and then click OK.
- Navigate to the following registry subkey (or create it if it is missing):
- HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\LocalScans\Removable Media Scan Options\Schedule
- Find or create the Enabled (REG_DWORD) value and set it to a value of 1
- Find or create the Name (REG_SZ) value and set it to a value of Removable Media Scan
There is no need to restart the machine or the SEP services. In order to disable this feature, either set Enabled
to a value of 0
or delete the registry key values noted above.