
Endpoint Protection is not detecting EICAR on managed storage volume


Article ID: 188843


Updated On:

Products

Endpoint Protection

Issue/Introduction

SEP (Symantec Endpoint Protection) may not detect the EICAR test file or other risks on managed storage volumes (such as Veritas Storage Foundation and others).

Cause

This may be due to offline files, sparse files, reparse points, or other such placeholders that managed storage systems use to administer offline content. It is usually best practice not to subject offline files to virus scans.
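To check whether a file that SEP did not detect is one of these placeholders, its attributes can be inspected without opening it. The following PowerShell function is an added example, not Symantec or Broadcom code; the function name `Get-PlaceholderFile` and the path in the usage comment are assumptions for illustration.

```powershell
# Added diagnostic example (not vendor code).
# Reports files whose attributes mark them as Offline, SparseFile or
# ReparsePoint. Only file-system metadata is read; the files are not opened.
function Get-PlaceholderFile {
    param(
        # File or folder on the managed storage volume to inspect.
        [Parameter(Mandatory = $true)]
        [string]$Path,

        # Also inspect files in subfolders.
        [switch]$Recurse
    )

    $offline = [System.IO.FileAttributes]::Offline
    $sparse  = [System.IO.FileAttributes]::SparseFile
    $reparse = [System.IO.FileAttributes]::ReparsePoint
    $mask    = [int]$offline -bor [int]$sparse -bor [int]$reparse

    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { ([int]$_.Attributes -band $mask) -ne 0 } |
        ForEach-Object {
            [pscustomobject]@{
                FullName     = $_.FullName
                Length       = $_.Length
                Offline      = $_.Attributes.HasFlag($offline)
                Sparse       = $_.Attributes.HasFlag($sparse)
                ReparsePoint = $_.Attributes.HasFlag($reparse)
                Attributes   = $_.Attributes.ToString()
            }
        }
}

# Usage (hypothetical path to the folder holding the test file):
#   Get-PlaceholderFile -Path 'E:\Data\Test' -Recurse | Format-Table -AutoSize
# A file listed with Offline, Sparse or ReparsePoint set to True is a
# candidate for the behaviour described in this article.
```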

Environment

SEP
Managed storage systems

Resolution

SEP Auto-Protect knows nothing of these files unless their content is brought online. A manual or scheduled scan can bring a file's content online, but SEP is configured by default to prevent that, so that scans do not unexpectedly bring a large amount of offline content back online. See the series of screenshots below for how to access these settings (the Storage Migration settings tab in Advanced Scanning Options) in scheduled and on-demand (right-click, etc.) scans.