Endpoint Protection is not detecting EICAR on managed storage volume
Article ID: 188843
SEP (Symantec Endpoint Protection) may not detect EICAR test or other risks on managed storage volumes (such as Veritas Storage Foundation, et al)
This may be due to offline or sparse files or reparse points, or other such placeholders used for administering offline content in managed storage systems. It is usually best practice to not subject offline files to virus scans.
SEP Managed storage systems
SEP autoprotect knows nothing of these files unless their content is brought online. It is possible for a manual or scheduled scan to bring a file's content online but SEP is configured by default to prevent that so that scans do not unexpectedly bring a large amount of offline content back online. See series of screenshots below for how-to access these settings (Storage Migration settings tab in Advanced Scanning Options) in scheduled and on-demand (right-click, etc) scans.