Endpoint Protection

 View Only

  • 1.  Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Posted Jul 09, 2013 10:44 AM

    I have a senario here ,

     

    We have a SAN/NAS box where we will create partions and provide it to virtal servers as D drive ,

    My question is will SEP 12.1 be able to scan the partion d drive of the server which has been presented from a SAN/NAS

     

    I know that there is a seprate software to scan the NAS directly called symantec protection engine ,

     

    But will SEP 12.1 scan the D drive of the Virtual server where d drive is presented from the SAN/NAS

     

    Abhishek



  • 2.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Posted Jul 09, 2013 10:48 AM

    Yes, if the D drive is mounted it will scan it. Any mounted drives will be scanned.

    If mapped, see this

    http://www.symantec.com/docs/TECH96284



  • 3.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Broadcom Employee
    Posted Jul 09, 2013 10:50 AM

    are you meaning mapped drives? if yes, it will be scan, however you need to configure in AV policy.



  • 4.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Trusted Advisor
    Posted Jul 09, 2013 11:10 AM

    Hello,

    For many reasons, including the typical large (terabytes) capacity of NAS, the Symantec Scan Engine is the right product to secure these machines.

    The use of the Symantec AntiVirus or Symantec Endpoint client to scan drives on a NAS device is not recommended and is not supported.

    I would recommendSymantec Protection Engine for Network Attached Storage

    Symantec Protection Engine for Network Attached Storage provides scalable, high-performance threat detection services. These services protect valuable data stored on network attached storage (NAS) devices, providing increased scanning performance and improved detection capabilities for protection against multi-blended threats. Protection Engine includes Symantec's industry-leading malware protection for fast, scalable, and reliable content scanning services. These help organizations protect their data and storage systems against the ever-growing malware threat landscape. Malware definitions and engines are updated automatically with no interruption in malware scanning using Symantec LiveUpdate. Definitions can also be distributed centrally to multiple deployments utilizing the included Symantec LiveUpdate Administrator application.

    Check this Thread:

    Difference between Symantec Endpoint protection and Symantec Scan Engine

    https://www-secure.symantec.com/connect/forums/different-between-symantec-endpoint-protection-and-symantec-scan-engine

    https://www-secure.symantec.com/connect/articles/what-symantec-antivirus-network-attached-storage-52

    https://www-secure.symantec.com/connect/forums/symantec-endpoint-client-symantec-av-nas-supported

    Hope that helps!!



  • 5.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Posted Jul 09, 2013 12:19 PM

    can someone tell me how to configure it in AV policy , scanning of mapped drive ....



  • 6.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Posted Jul 09, 2013 12:27 PM

    It can't be configured from the SEPM:

    "If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM context."

    It needs to be created locally on the client:

    "If the Full Scan was created by the local user as an On Demand or Scheduled Scan, then it will treat mapped drives as local drive and scan them since both the scan and mapped network drives are created under the user context."

    KBA for reference:

    http://www.symantec.com/docs/TECH96284



  • 7.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Posted Jul 09, 2013 12:29 PM

    For NAS and SAN symantec has different products.you should consider using those

    http://www.symantec.com/protection-engine-network-attached-storage

    whenever a user defined scan is created. it will automatically scan all the drives mapped

    Admin defined scans like scheduled weekly scan will not scan the mapped drives.



  • 8.  RE: Will SEP 12.1 be able to scan partions carved out of a NAS/SAN

    Broadcom Employee
    Posted Jul 09, 2013 02:10 PM

    Hi Abhi,

    Thank you for posting in Symantec community.

    You should check this article

    When a Symantec Endpoint Protection (SEP) client's Full Scan is run, are mapped network drives included in the scan?

    http://www.symantec.com/docs/TECH96284 

    If the Full Scan was created by the local user as an On Demand or Scheduled Scan, then it will treat mapped drives as local drive and scan them since both the scan and mapped network drives are created under the user context. This is still the case if the AutoProtect option to scan network drives is disabled because that is an AutoProtect feature and does not have any bearing on local manual or scheduled scans.

    If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM context

    Additional Note on Accounts and Permissions

    If a user account on a computer does not have sufficient access/permissions to the remote network share, then SEP scans and remediation attempts (delete, quarantine, clean etc) of items on that network share may fail.  A manual scan launched locally that is "Run as Administrator," or an admin account logged into the same computer running a SEP scan of the same mapped network drive, could conceivably have greater access/permissions and succeed in detecting and remediating malicious files there.