Each time an On-Demand scan is run in Symantec Endpoint Protection for Linux (SEPFL), the "ctime" of the scanned files is changed. (An On-Demand scan is a manual or scheduled scan.) This may make it appear that the date / time on a scanned file has changed.

Note: Backup software relying on "ctime" to track file changes may perform unwated backups following a scan.

In SEPFL, the default behavior can be changed by modifying the "NoFileMod" configuration setting. To modify this setting, follow the steps below:

1. Open a terminal window
2. Navigate to /opt/Symantec/symantec_antivirus directory
3. Type: sudo ./symcfg add -k '\Symantec Endpoint Protection\AV' -v NoFileMod -d 1 -t REG_DWORD

This will change the behavior of the On-Demand scanning in Symantec AntiVirus for Linux so that the "atime" alone is modified.

Applies To

SAVFL Maintenance Release 4 (version 1.0.4) or higher
SEPFL (SEP for Linux) 14.3 MP1 and earlier