You are using Command Line Scanner (a command driven tool to scan files) and notice that files are deleted even though you are using the parameter –onerror with a value of 'leave'.
This is caused by the default action for the antivirus scanning mode.
If you do not specify a scanning mode (using the parameter '-mode' and a value), the scan policy defaults to scanrepairdelete.
Command Line Scanner tries to repair infected (violating) files, but if files cannot be repaired they are deleted by the Command Line Scanner.
The parameter ‘-onerror’ does not relate to an action for a scan error but to what should happen if the Command Line Scanner has a problem attempting to replace an infected file.
The parameter ‘-onerror’ is applied later in the scanning process.
If a scan error occurs, the configured action for antivirus scanning is applied.
If that action is delete there is no longer a file to which to apply the ‘-onerror’ setting (should that be necessary).
The solution is to set the antivirus scanning parameter to
In the first case the file is scanned but no repair is attempted. In the second case the file is not deleted if the repair fails.
Command Line Scanner (ssecls.exe) is installed when you install Symantec Scan Engine (SSE). Command Line Scanner is an API that lets you use the Symantec Scan Engine service (symcscan.exe) for scanning files.
More about the -mode and the -onerror parameters:
-mode Optionally override the default antivirus scanning mode. The scanning modes that you can select are as follows:
• scanrepairdelete: If you do not specify a scanning mode, the scan policy defaults to scanrepairdelete. Symantec Scan Engine tries to repair infected files. Files that cannot be repaired are deleted. This is the recommended setting
• scan: Files are scanned, but no repair is attempted. Infected files are not deleted.
• scanrepair: Symantec Scan Engine tries to repair infected files. Files that cannot be repaired are not deleted.
-onerror Specify the disposition of a file that has been modified (repaired) by Symantec Scan Engine when an error occurs in replacing the file.
The default setting is to delete the file. You can specify one of the following:
• leave: The original (infected, violating) file is left in place.
• delete: The original (infected, violating) file is deleted, even though the replacement data is unavailable.
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.