Symantec® Endpoint Security v11xAV Settings for Windows File Archiver

Symantec® Endpoint Security v11xAV can be configured on computers that have the Windows File Archiver agent installed. It scans the processes that are running on the servers. By default, these processes are scanned in real time for known viruses as the files are processed for archiving. The "Scanning Phase" of archiving repeatedly triggers the antivirus scanning process, which is very resource intensive.

However, Symantec® Endpoint Security can be configured to avoid scanning the archived files.

Follow the steps given below to configure the security system to avoid scanning of archived files:

Prerequisite

Before you begin, ensure that the following are enabled:

• Active Scan (Upon Startup)

• Custom Scan(s)

• Full Scan

  1. In the system tray, double-click the Symantec Endpoint Protection icon.

  2. In the left pane, click the Change Settings tab.

  3. From the Antivirus and Antispyware Protection section, click the Configure Settings button.

  4. Click the File System Auto-Protect tab and clear the Scan files on network drives checkbox. Click Advanced.

  5. Under the Scan files when section, select Scan when a file is modified and clear the Scan when a file is backed up checkbox. Click OK.

  6. On the Symantec Endpoint Protection console, click the Scan for threats tab.

    Note

    For any scans that are controlled or policy-scheduled by the Symantec Endpoint Protection Management Console (SEP MC), ensure that the "Run Active Scan" and the "Run Full Scan" profiles are configured prior to deploying the SEP Client.

    This can be done through the SEP MC by setting up a Group Policy configuration that is enforced for the two choices.

    Otherwise, make sure to deactivate the two choices on the SEP Client server.

Creating Custom Scheduled Scans

Each scan type must have a profile created that follows the same settings. Make sure these profiles are the only ones used for client-side scheduled scans or for manual scans.

Follow the steps given below to create profiles for each type of scan:

  1. On the Symantec Endpoint Protection console, click the Scan for threats tab and click Create a New Scan.

  2. Click the Advanced button.

  3. From the Storage Migration options list, select Skip offline files.

    • Click the Open files using backup semantics checkbox.

    • Click OK.

Configuring Windows Registry

  1. Start the Registry Editor on the computer where the file archiver agent is installed.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters\.

  3. Right-click Parameters, point to New and click String Value.

  4. In the Value Name box, type ExcludeProcessX.

    Where X is the next consecutive number in the list (i.e. ExcludeProcess1, ExcludeProcess2, etc.) for any process that should not initiate recalls.

    All ExcludeProcess names must be truncated to a string value of at most 15 characters, or the Windows OS Kernel Mode will not process the exclusion properly. This would result in the exclusion being ignored, unexpected recalls occurring and other unexplained stub activities.

    For example:

    Processnamelong (Truncated from Processnamelongerthen15characters.exe to meet 15 character limit)

    Note

    Ensure that, in addition to the registry values for environment-specific executables, an ExcludeProcess registry value is also created with RtvScan.exe as its value.

  5. Restart the Commvault services for the registry change to take effect.
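
The registry steps above can be scripted so that the next consecutive index and the 15-character truncation are applied consistently, and so that existing entries can be audited for values the driver would ignore. This is an added example, not Commvault or Symantec tooling; the function names Get-ExcludeProcess, Test-ExcludeProcess and Add-ExcludeProcess are hypothetical, and it assumes an elevated PowerShell session on the computer where the file archiver agent is installed.

```powershell
# Added example: manage ExcludeProcessN values under the key named in step 2.
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters'
$MaxLen   = 15   # limit stated in step 4

# Hypothetical helper: read existing ExcludeProcessN values as index -> data.
function Get-ExcludeProcess {
    $key = Get-Item -Path $ParamKey -ErrorAction Stop
    $map = @{}
    foreach ($name in $key.GetValueNames()) {
        if ($name -match '^ExcludeProcess(\d+)$') {
            $map[[int]$Matches[1]] = [string]$key.GetValue($name)
        }
    }
    return $map
}

# Hypothetical helper: list every exclusion and flag values over the limit,
# which the page says are ignored and lead to unexpected recalls.
function Test-ExcludeProcess {
    $map = Get-ExcludeProcess
    foreach ($i in ($map.Keys | Sort-Object)) {
        [pscustomobject]@{
            Name    = "ExcludeProcess$i"
            Value   = $map[$i]
            TooLong = $map[$i].Length -gt $MaxLen
        }
    }
}

# Hypothetical helper: add one process under the next consecutive index.
function Add-ExcludeProcess {
    param([Parameter(Mandatory)][string]$ProcessName)
    $value = if ($ProcessName.Length -gt $MaxLen) { $ProcessName.Substring(0, $MaxLen) } else { $ProcessName }
    $map = Get-ExcludeProcess
    if (@($map.Values) -contains $value) {
        Write-Output "'$value' is already excluded; nothing written."
        return
    }
    $next = 1
    if ($map.Count -gt 0) { $next = [int]($map.Keys | Measure-Object -Maximum).Maximum + 1 }
    New-ItemProperty -Path $ParamKey -Name "ExcludeProcess$next" -Value $value -PropertyType String | Out-Null
    Write-Output "ExcludeProcess$next = $value (restart the Commvault services to apply)"
}

Add-ExcludeProcess -ProcessName 'RtvScan.exe'
# The page's own example name; only its first 15 characters are kept.
Add-ExcludeProcess -ProcessName 'Processnamelongerthen15characters.exe'
Test-ExcludeProcess | Format-Table -AutoSize
```

Running Test-ExcludeProcess on its own is a read-only way to review which processes are exempt from recalls on a given server.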
