Linux SEP AMD Scanner modifies files.
search cancel

Linux SEP AMD Scanner modifies files.

book

Article ID: 264502

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After installing SEP on our Linux build machines, intermittent problems are observed where the editor (vim) says that a file has been modified on disk. The only process accessing those files other than the editor is Symantec AMD.

2023-03-08 16:39:18: <trace> [APEventThread::run]:304 Received an event from ap driver                                                                                    
2023-03-08 16:39:18: <trace> [APEventThread::readDriver]:132File added : /srv/users/<user>/roaming/<ID>/scripts/<script_name> AP scan queue size : 1                   
2023-03-08 16:39:18: <trace> [APScanThread::run]:62 /srv/users/<user>/roaming/<ID>/scripts/<script_name>                                                               
2023-03-08 16:39:18: <trace> [AMDScanInterface::ScanFile]:68Entered /srv/users/<user>/roaming/<ID>/scripts/<script_name>                                               
2023-03-08 16:39:18: <trace> [AMDSefScanner::ScanFile]:86 Entered with file: /srv/users/<user>/roaming/<ID>/scripts/<script_name>                                      
2023-03-08 16:39:18: <trace> [AMDSefScanner::ScanFile]:197 Invoking SEf static_scanner::scan /srv/users/<user>/roaming/<ID>/scripts/<script_name>                      
2023-03-08 16:39:18: <trace> [AMDSefScanner::ProcessScanResults]:327 Filename: /srv/users/<user>/roaming/<ID>/scripts/<script_name>                                    
2023-03-08 16:39:18: <trace> [AMDSefScanner::ProcessScanResults]:331 Bytes scanned: 11829                                                                                 
2023-03-08 16:39:18: <trace> [AMDSefScanner::ProcessScanResults]:338 Files scanned: 1                                                                                     
2023-03-08 16:39:18: <trace> [AMDSefScanner::ProcessScanResults]:343 Encrypted: false                                                                                     
2023-03-08 16:39:18: <trace> [AMDSefScanner::ProcessScanResults]:358 File scanned clean                                                                                   
2023-03-08 16:39:18: <trace> [NotifyAction::NotifyAPDriver]:527 Response: 0  File: /srv/users/<user>/roaming/<ID>/scripts/<script_name> FID : 6f03f36 Device ID: 800003
2023-03-08 16:39:18: <trace> [AMDSefScanner::ScanFile]:228 SefScanner::CmdScan completed                                                                                  
2023-03-08 16:39:18: <trace> [AMDScanInterface::ScanFile]:72Completed /srv/users/<user>/roaming/<ID>/scripts/<script_name>                                             

Environment

Release : 14.3 RU5

Resolution

AP is changing modification timestamps on scanned files.

Powered by Wolken Software