Endpoint Protection is not detecting EICAR on managed storage volume
book
Article ID: 188843
calendar_today
Updated On:
Products
Endpoint Protection
Issue/Introduction
SEP (Symantec Endpoint Protection) may not detect EICAR test or other risks on managed storage volumes (such as Veritas Storage Foundation, et al)
Environment
SEP Managed storage systems
Cause
This may be due to offline or sparse files or reparse points, or other such placeholders used for administering offline content in managed storage systems. It is usually best practice to not subject offline files to virus scans.
Resolution
SEP autoprotect knows nothing of these files unless their content is brought online. It is possible for a manual or scheduled scan to bring a file's content online but SEP is configured by default to prevent that so that scans do not unexpectedly bring a large amount of offline content back online. See series of screenshots below for how-to access these settings (Storage Migration settings tab in Advanced Scanning Options) in scheduled and on-demand (right-click, etc) scans.