Symantec® Endpoint Security v14.x AV Settings for Windows File Archiver

Symantec® Endpoint Security v14.x AV can be configured on computers that have the Windows File Archiver agent installed. It scans the processes that are running on the servers. By default, these processes are scanned in real time for known viruses as the files are processed for archiving. The "Scanning Phase" of archiving keeps triggering the antivirus scan, which is very resource intensive.

However, Symantec® Endpoint Security can be configured to avoid scanning the archived files.

Note

All configuration settings described here should always be tested in your CommCell Environment to confirm that they meet all of the Security and Threat detection policies as well as all server, network and enterprise policies.

Follow the steps given below to configure the security system to avoid scanning of archived files:

Prerequisites

  1. Symantec® Endpoint Security must be version 14 or later.

  2. Enable the following:

    • Active Scan (Upon Startup)

    • Custom Scan(s)

    • Full Scan

  3. Create the following additional settings:

    For instructions on adding the additional setting, see Adding or Modifying Additional Settings from the CommCell Console.

Procedure

  1. In the system tray, double-click the Symantec Endpoint Protection icon.

  2. In the left pane click the Change Settings tab.

  3. From the Virus and Spyware Protection section, click the Configure Settings button.


  4. Click the Auto-Protect tab and clear the Scan files on remote computers check box.

  5. Click Advanced.

  6. Under the Scan Files when section, select Scan when a file is modified and clear the Scan when a file is backed up check box.

  7. Click OK.


  8. On the Symantec Endpoint Protection console click the Scan for threats tab.

    Note

    For any Symantec Endpoint Protection Management Console (SEP MC) controlled or policy scheduled scans ensure that the "Run Active Scan" and the "Run Full Scan" profiles are configured prior to deploying the SEP Client.

    This can be done through the SEP MC by setting up a Group Policy configuration that is enforced for the two choices.

    Otherwise make sure to de-activate the two choices on the SEP Client server.


Creating Custom Scheduled Scans

Each scan type must have a profile created that follows the same settings. Make sure these profiles are the only ones used for Client side scheduled scans or for manual scans.

Follow the steps given below to create profiles for each type of scan:

  1. On the Symantec Endpoint Protection console click the Scan for threats tab and click Create a New Scan.

  2. Click Next.

  3. Click the Advanced button.

  4. From the Storage Migration options list select Skip offline files.

    • Click the Open files using backup semantics checkbox.

    • Click OK.

Configuring Windows Registry

Once the SEP Client is configured, and before any scans are run, add the following changes to the Commvault Software registry section on the SEP Client server.

  1. Start the Registry Editor on the computer where the file archiver agent is installed.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters\.

  3. Right-click Parameters, point at New and click String Value.

  4. In the Value Name box type ExcludeProcessX.

    Where X is the next consecutive number in the list (for example, ExcludeProcess1, ExcludeProcess2, and so on) for any process that should not initiate recalls.

    All ExcludeProcess names must be truncated to a string value of at most 15 characters, or the Windows OS Kernel Mode will not process the exclusion properly. This would result in the exclusion being ignored, unexpected recalls occurring and other unexplained stub activities.

    For example:

    Processnamelong (Truncated from Processnamelongerthen15characters.exe to meet 15 character limit)

    Note

    Ensure that, in addition to the registry values for environment-specific executables, ExcludeProcess registry values are also created with each of the following as its value:

    RtvScan.exe

    ccApp.exe

    ccSvcHst.exe

    Smc.exe

    Snac64.exe

  5. Restart the Commvault services for the registry changes to take effect.

  6. In a cluster setup, repeat all of the above steps on all the physical machines.
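
The registry steps above, scripted in PowerShell as an added example (not code from Commvault or Symantec). It assumes an elevated session, that the Parameters key already exists, and that an entry whose value already matches should be skipped rather than duplicated.

```powershell
# Added example: create ExcludeProcess<N> string values for the file archiver agent.
$key = 'HKLM:\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters'

# Process names from the note above; append environment-specific executables here.
$wanted = 'RtvScan.exe', 'ccApp.exe', 'ccSvcHst.exe', 'Smc.exe', 'Snac64.exe'

if (-not (Test-Path -Path $key)) { throw "Registry key not found: $key" }

# Collect the ExcludeProcess<N> values that are already present.
$item = Get-Item -Path $key
$existing = @(foreach ($name in $item.GetValueNames()) {
    if ($name -match '^ExcludeProcess(\d+)$') {
        [pscustomobject]@{
            Name  = $name
            Index = [int]$Matches[1]
            Value = [string]$item.GetValue($name)
        }
    }
})

# Flag entries over the 15-character limit; per the page, such exclusions are ignored.
foreach ($e in $existing) {
    if ($e.Value.Length -gt 15) {
        Write-Warning "$($e.Name) = '$($e.Value)' is longer than 15 characters"
    }
}

# Next consecutive number after the highest one in use (1 when none exist).
$next = 1
if ($existing.Count -gt 0) {
    $next = [int]($existing | Measure-Object -Property Index -Maximum).Maximum + 1
}

foreach ($proc in $wanted) {
    # Keep only the first 15 characters, as in the Processnamelong example.
    $value = if ($proc.Length -gt 15) { $proc.Substring(0, 15) } else { $proc }
    if ($existing.Value -contains $value) { continue }   # already excluded

    New-ItemProperty -Path $key -Name "ExcludeProcess$next" -Value $value `
        -PropertyType String | Out-Null
    Write-Output "ExcludeProcess$next = $value"
    $next++
}
```

The script only writes the registry values; the service restart in step 5 and the per-node repetition in step 6 still apply.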
