Configuring network scan settings in Endpoint Protection


Article ID: 177821


Products

Endpoint Protection

Issue/Introduction

How are network scan settings configured in Symantec Endpoint Protection (SEP)?
 

Resolution

Configuration for network scans includes the following options:

  • Configure whether or not your Auto-Protect scans network drives.
  • Configure whether or not your Auto-Protect trusts files on the remote computers that run Auto-Protect.
  • Configure whether or not your computer should use a cache to store a record of the files that Auto-Protect scans from a remote computer.


By default, Auto-Protect scans files as they are written from your computer to a remote computer. Auto-Protect also scans files when they are written from a remote computer to your computer.

When you read files on a remote computer, however, Auto-Protect might not scan the files. By default, Auto-Protect tries to trust remote versions of Auto-Protect. If the trust option is enabled on both computers, the local Auto-Protect checks the remote computer's Auto-Protect settings. If the remote Auto-Protect settings provide at least as high a level of security as the local settings, the local Auto-Protect trusts the remote Auto-Protect. When the local Auto-Protect trusts the remote Auto-Protect, the local Auto-Protect does not scan the files that it reads from the remote computer. The local computer trusts that the remote Auto-Protect already scanned the files.

Note: The local Auto-Protect always scans the files that you copy from a remote computer.

To enable network scanning from the Symantec Endpoint Protection Manager (SEPM), please do the following: 

  1. Under the Policies Tab, select Virus and Spyware Protection.
  2. Click the policy you would like to modify and select Edit the Policy.
  3. Click Auto-Protect.
  4. Under Network Settings, enable Scan files on remote computers.
  5. Click OK.
  6. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
  7. Click Assign, then click Yes.

To enable network scanning from the Symantec Endpoint Protection client (self-managed), please do the following: 

  1. In the client, in the sidebar, click Change Settings.
  2. Next to Virus and Spyware Protection, click Configure Settings.
  3. On the Auto-Protect tab, enable Scan files on remote computers.

By default, Auto-Protect scans files on remote computers only when files are executed. You can disable the Only when files are executed option to scan all files on remote computers, but you might impact your client computer performance.

Additional network Auto-Protect settings

Trust files on remote computers running Auto-Protect is enabled by default and prevents Auto-Protect from performing duplicate scans while network scanning is enabled.

If this option is enabled on two clients, each client checks to see that the other's Auto-Protect settings are as secure as its own. Each client then trusts the Auto-Protect scan on the other and does not rescan any files.

For example, when client A accesses a file on a network drive on client B, client A's Auto-Protect checks client B's Auto-Protect settings. If client B's Auto-Protect is trustworthy, client A's Auto-Protect does not scan the file. If client B's Auto-Protect is not trustworthy, client A's Auto-Protect scans the file.

Disable this setting if you want to allow duplicate scanning. Duplicate scanning can reduce network performance on the client computer.

Note: This functionality applies only to read access. When client A requests write access from client B, client A's Auto-Protect scans the file regardless of this setting.

To configure trust on remote computers running Auto-Protect from the Symantec Endpoint Protection Manager, please do the following: 

  1. Under the Policies Tab, select Virus and Spyware Protection.
  2. Click the policy you would like to modify and select Edit the Policy.
  3. Click Auto-Protect.
  4. Under Network Settings, click Network Settings...
  5. Check or uncheck Trust files on remote computers running Auto-Protect.
  6. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
  7. Click Assign, then click Yes.
     

To configure trust on remote computers running Auto-Protect from the Symantec Endpoint Protection client (self-managed), please do the following:

  1. In the client, in the sidebar, click Change Settings.
  2. Next to Virus and Spyware Protection, click Configure Settings.
  3. On the Auto-Protect tab, click Advanced.
  4. In the Auto-Protect Advanced Options dialog box, under Additional advanced options, click Network.
  5. Check or uncheck Trust files on remote computers running Auto-Protect.
     

The network cache keeps a record of the files that Auto-Protect has already scanned from a remote computer. If you use a network cache, you prevent Auto-Protect from scanning the same file more than one time. When you prevent multiple scans of the same file, you might improve system performance. You can set the number of files (entries) that Auto-Protect scans and remembers. You can also set the timeout before your computer removes the entries from the cache. When the timeout expires, your computer removes the entries. Auto-Protect then scans the files if you request them from the remote computer again.
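The scan decisions described above (writes and copies always scanned, reads skipped when the remote Auto-Protect is trusted or the file is still in the network cache) can be traced with a small model. This is an added illustration, not Symantec code or the product's implementation. The numeric `security_level`, the cache keyed by remote path, the order of the checks and the oldest-first eviction are assumptions made for the example.

```python
import time
from collections import OrderedDict
from dataclasses import dataclass, field

@dataclass
class AutoProtect:
    scan_remote: bool = True         # "Scan files on remote computers"
    only_when_executed: bool = True  # "Only when files are executed" (default)
    trust_remote: bool = True        # "Trust files on remote computers running Auto-Protect"
    security_level: int = 1          # assumed stand-in for "settings at least as secure"
    cache_enabled: bool = True       # "Network cache"
    cache_entries: int = 2           # constructed small value so eviction is visible
    cache_timeout: float = 600.0     # seconds an entry stays in the cache
    _cache: OrderedDict = field(default_factory=OrderedDict)

    def trusts(self, remote):
        # Trust requires the option on both sides and remote settings
        # at least as secure as the local ones.
        return (remote is not None and self.trust_remote and remote.trust_remote
                and remote.security_level >= self.security_level)

    def decide(self, op, path, remote=None, executed=False, now=None):
        """Return (scan?, reason) for op in {'read', 'write', 'copy'}."""
        now = time.monotonic() if now is None else now
        if op in ("write", "copy"):
            return True, "writes and copies are always scanned"
        if not self.scan_remote:
            return False, "network scanning disabled"
        if self.only_when_executed and not executed:
            return False, "not executed"
        if self.trusts(remote):
            return False, "remote Auto-Protect trusted"
        if self.cache_enabled:
            expiry = self._cache.get(path)
            if expiry is not None and expiry > now:
                return False, "cache hit"
            self._cache.pop(path, None)             # drop an expired entry
            self._cache[path] = now + self.cache_timeout
            while len(self._cache) > self.cache_entries:
                self._cache.popitem(last=False)     # assumed: evict oldest entry
        return True, "scanned"
```

Calling `decide` with a fixed `now` value makes the timeout behaviour repeatable: a read at `now=0` is scanned, the same read at `now=10` is a cache hit, and after the timeout it is scanned again.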

To configure a network cache from the Symantec Endpoint Protection Manager, please do the following: 

  1. Under the Policies Tab, select Virus and Spyware Protection.
  2. Click the policy you would like to modify and select Edit the Policy.
  3. Click Auto-Protect.
  4. Under Network Settings, click Network Settings...
  5. Check or uncheck Network cache.
  6. If you enabled the network cache, use the defaults or do any of the following actions:
    • Type the number of seconds for which you want entries to remain in the cache before your computer clears the cache.
    • Use the arrows or type in the number of files (entries) that you want Auto-Protect to scan and remember.
  7. Assign the policy by clicking Assign the Policy, then check each group to which the policy should apply.
  8. Click Assign, then click Yes.
     

To configure a network cache from the Symantec Endpoint Protection client (self-managed), please do the following: 

  1. In the client, in the sidebar, click Change Settings.
  2. Next to Virus and Spyware Protection, click Configure Settings.
  3. On the Auto-Protect tab, click Advanced.
  4. In the Auto-Protect Advanced Options dialog box, under Additional advanced options, click Network.
  5. In the Network Scanning Settings dialog box, check or uncheck Network cache.
  6. If you enabled the network cache, use the defaults or do any of the following actions:
    • Type the number of seconds for which you want entries to remain in the cache before your computer clears the cache.
    • Use the arrows or type in the number of files (entries) that you want Auto-Protect to scan and remember.
  7. Click OK until you return to the main window.

 

References
For SEP 12.1.x: Client Guide for Symantec Endpoint Protection and Symantec Network Access Control

For SEP 14.x: Symantec Endpoint Protection 14 Windows Client Guide

Security Response recommendations for Symantec Endpoint Protection 12.1 settings