Overview:
When it comes to creating and configuring administrator-defined scans in the Symantec Endpoint Protection Manager, sometimes there isn't quite enough granularity. For example, let's say that all the clients addressed by your Virus and Spyware Policy group have 3 drives:
Let’s also say that you wanted to create an administrator-defined scan which would scan your C:\ drive once a week, your E:\ drive once a month, and your F:\ drive once a day. While it’s possible for each individual client to decide on such custom scans using the client, there isn’t currently a way to create such a policy in the SEP manager using the graphical user interface (GUI). In the SEP manager, you are given only [COMMON_APPDATA], [COMMON_DESKTOPDIRECTORY], [COMMON_PROGRAMS], [COMMON_STARTUP], [PROGRAM_FILES], [PROGRAM_FILES_COMMON], [SYSTEM], and [WINDOWS] as scannable locations. This customized scanning policy is available for import into your SEP manager. It includes all 26 English letters. You can make customized scans using this prebuilt policy. This policy is not backwards compatible with older versions of Symantec Endpoint Protection.
Currently Supported version: Symantec Endpoint Protection Manager 12.1.4
Attachments: Discrete Drives Policy.zip
Instructions:
Note: This policy has been tested on SEP version 12.1.4 only. Backwards compatibility is not supported. Please upgrade to the latest version of SEP to use this policy. You can apply this policy to groups. These scans will show up as read-only scans in the client to which they are deployed.
TolgaTT:
To use the XML as a policy, simply ZIP it and rename it with a .dat extension. It should then be ready for import.
The download zip file only contains the XML file now. Would you provide the .dat file or assist with how to use the XML?
Thanks
That appears to have fixed it. Thanks for the policy. It'll come in handy.
I took a look at the policy again and it looks like I uploaded the wrong version. The issue with the first policy is that when [COMMON_APPDATA] was removed, I left the brackets in place. In the XML, it should be ScanDirectories="A:\;", and not ScanDirectories="[A:\;]".
I double checked the scan policy and cross checked it with the logs on the SEPM. This should resolve your issue, but please let me know either way. Thanks for trying this policy!
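The bracket mistake described in the post above, and the ZIP-then-rename step mentioned earlier in the thread, as an added example that is not part of the original posts or the published policy. It assumes entries in `ScanDirectories` are semicolon-separated; the element names in the sample and the file name inside the archive are placeholders, not the real SEP policy schema.

```python
import re
import xml.etree.ElementTree as ET
import zipfile

# Location tokens the article lists as selectable in the SEPM GUI.
KNOWN_TOKENS = {
    "[COMMON_APPDATA]", "[COMMON_DESKTOPDIRECTORY]", "[COMMON_PROGRAMS]",
    "[COMMON_STARTUP]", "[PROGRAM_FILES]", "[PROGRAM_FILES_COMMON]",
    "[SYSTEM]", "[WINDOWS]",
}
TOKEN_SHAPE = re.compile(r"(\[[A-Z_]+\])")

def audit_value(value):
    """Check one ScanDirectories value; return (problems, cleaned_value)."""
    problems, cleaned = [], []
    for piece in TOKEN_SHAPE.split(value):
        if TOKEN_SHAPE.fullmatch(piece):
            if piece not in KNOWN_TOKENS:
                problems.append(f"unknown location token {piece}")
        elif "[" in piece or "]" in piece:
            # Brackets left around a literal path, e.g. "[A:\;]".
            problems.append(f"stray bracket in {piece!r}")
            piece = piece.replace("[", "").replace("]", "")
        cleaned.append(piece)
    return problems, "".join(cleaned)

def fix_policy(xml_text):
    """Repair stray brackets in every ScanDirectories attribute."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        value = elem.get("ScanDirectories", "")
        problems, cleaned = audit_value(value)
        if problems:
            findings.append((elem.tag, value, problems))
            elem.set("ScanDirectories", cleaned)
    return ET.tostring(root, encoding="unicode"), findings

def package_as_dat(xml_text, xml_name, dat_path):
    """ZIP the XML under a .dat file name, as the thread describes."""
    with zipfile.ZipFile(dat_path, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(xml_name, xml_text)

# Constructed sample; element names are placeholders, not the SEP schema.
SAMPLE = r'''<Policy>
  <Scan Name="Daily F" ScanDirectories="[F:\;]"/>
  <Scan Name="Weekly C" ScanDirectories="C:\;"/>
  <Scan Name="System" ScanDirectories="[SYSTEM];[WINDOWS];"/>
</Policy>'''
```

Re-serialising with ElementTree drops the XML declaration and any comments, so diff the output against the original file before importing it.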
During my testing, usually when the scan window immediately goes away, it means the drive doesn't exist or is not accessible (read-only CD-ROM, Removable device with nothing attached, etc). In this case, no files will be scanned. Are you sure that you are scanning a valid volume with contents inside of it?
I do recommend checking out the full article I mentioned in the previous comment, as it details the entire process of making the policy. You can customize it to your needs.
I hope this helps.
I'm on 12.1.4013 and the scans start, the progress window immediately goes away. Looking at the logs, it scans no files. I looked at that other article and put together a test policy to try it out. Same result. There must be something in the XML that is keeping it from working.
Are you using Symantec Endpoint Protection version 12.1.4? If not, this prebuilt policy will not work.
Here is a link to a more detailed article where you may find exactly what needs to be tweaked.
https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-modifying-xml-based-policies-increased-functionality
I edited this policy and it comes up not scanning anything on any drives. All zeros. If I run an existing policy, I can get file scanning. Do you have any ideas what needs to be tweaked to make it work?
Thanks,