You are managing Symantec Endpoint Protection for Linux (SEPfL) 14 clients. In Symantec Endpoint Protection Manager (SEPM) 14, you change actions on virus and security risks to "Leave alone (log only)" for Auto-Protect and/or Scheduled / Manual scans. In spite of the change, you notice clients continue to delete or quarantine detected files.

SEPM and SEPfL 14

SEPM 14 incorrecly compiles and publishes the Virus and Spyware Protection policy with regards to Auto-Protect and Manual/Scheduled Scan Actions for SEPfL clients.

The issue has been resolved in SEPM 14.2

As a temporary workaround for Auto-Protect real time scanning or Scheduled Scans, you can set overriding actions on all sub-categories to "Leave alone (log only)", or any other required action. It has been observed, however, that overriding the subcategories does not work for Manual Scans.