search cancel

Endpoint Protection is not detecting EICAR on managed storage volume


Article ID: 188843


Updated On:


Endpoint Protection


SEP (Symantec Endpoint Protection) may not detect EICAR test or other risks on managed storage volumes (such as Veritas Storage Foundation, et al)


Managed storage systems


This may be due to offline or sparse files or reparse points, or other such placeholders used for administering offline content in managed storage systems. It is usually best practice to not subject offline files to virus scans.


SEP autoprotect knows nothing of these files unless their content is brought online. It is possible for a manual or scheduled scan to bring a file's content online but SEP is configured by default to prevent that so that scans do not unexpectedly bring a large amount of offline content back online. See series of screenshots below for how-to access these settings (Storage Migration settings tab in Advanced Scanning Options) in scheduled and on-demand (right-click, etc) scans.