Server Group exclusions created in Symantec System Center are not pushed to client computers
Question/Issue:
You are using Symantec System Center to configure Realtime Protection options at the server group level to exclude folders from scanning. Not all of the exclusions have taken effect on the clients.
For example, you have excluded the following folders:
C:\Temp
C:\Program Files\test
When you open the Symantec AntiVirus Corporate Edition client user interface and examine the configuration, you find that none of the exclusions is present. You may have also placed the Eicar.com test file in an excluded folder, but Realtime Protection attempts to clean and quarantine the file, which confirms that the exclusion is not enforced.
Solution:
This situation is usually caused by a configuration problem. When you configure Server Group exclusions in the Symantec System Center, it is important to remember the following:
- Changes that are made at the server group level will overwrite exclusions that are created at the client group or server levels.
- The path must be valid on the client systems.
For example, the C:\Temp folder must exist on the client if it is excluded.
- The lock icon should be toggled to appear locked next to the option "Exclude selected files and folders."
If that setting is unlocked, the settings may not propagate to existing clients.
- Exclusions that are created in the Symantec System Center are ony case-sensitive for non Windows opperation systesms.
If the case doesn't match the path on the client computer, the exclusion will not appear on the local client, and you might see a plus sign (+) next to the drive C that cannot be expanded. In this case, the exclusion should work even though it is not displayed.
If you have verified all of the above conditions, but the exclusion is still not in place, then go on to the next section.
To verify that the exclusion settings are in place
- On the primary server of the server group, verify that the excluded folders are listed in the following two registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\DomainData\ClientConfig\Storages\FileSystem\RealTimeScan\NoScanDir
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\FileSystem\RealTimeScan\NoScanDir
- On secondary servers, verify that the excluded folders are listed in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ClientConfig\Storages\FileSystem\RealTimeScan\NoScanDir
- On the client, verify that the excluded folders are listed in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\FileSystem\RealTimeScan\NoScanDir
- Verify that the exclusion information was recorded in the Grc.dat file on the primary server. Look for lines similar to the following (using the example from the Situation above):
!KEY!=$REGROOT$\Storages\FileSystem\RealTimeScan\NoScanDir
GRC-State-Counter=D2
C:\temp=D1
C:\Program Files\test=D2
- Verify that the exclusion information was recorded in the Grcsrv.dat file on the primary server. Look for lines similar to the following:
!KEY!=$REGROOT$\ClientConfig\Storages\FileSystem\RealTimeScan\NoScanDir
C:\temp=D1
C:\Program Files\test=D2
If you have verified all of the above conditions and have found no problems, you may be experiencing an issue that was resolved in a new build of Symantec AntiVirus 8.1. Read the article
How to obtain an update or an upgrade for your Symantec Corporate product for instructions on receiving the latest inline release.
Document ID: 2002122305320148
Last Modified: 12/17/2009
Date Created: 12/23/2002
Operating System(s): Windows 98, Windows Me, Windows NT 4.0 SP6a, Windows 2000 Professional, Windows XP Home, Windows XP Professional Edition
Product(s): Symantec AntiVirus Corporate Edition 8.0
Release(s): SAV 8.0, SAV 8.01
Cart
PRINT THIS PAGE
RATE THIS PAGE