How are network scan settings configured in Symantec Endpoint Protection (SEP)?
Configuration for network scans includes the following options
By default, Auto-Protect scans files as they are written from your computer to a remote computer. Auto-Protect also scans files when they are written from a remote computer to your computer.
When you read files on a remote computer, however, Auto-Protect might not scan the files. By default, Auto-Protect tries to trust remote versions of Auto-Protect. If the trust option is enabled on both computers, the local Auto-Protect checks the remote computer's Auto-Protect settings. If the remote Auto-Protect settings provide at least as high a level of security as the local settings, the local Auto-Protect trusts the remote Auto-Protect. When the local Auto-Protect trusts the remote Auto-Protect, the local Auto-Protect does not scan the files that it reads from the remote computer. The local computer trusts that the remote Auto-Protect already scanned the files.
Note: The local Auto-Protect always scans the files that you copy from a remote computer.
To enable network scanning from the Symantec Endpoint Protection Manager (SEPM), please do the following:
To enable network scanning from the Symantec Endpoint Protection client (self-managed), please do the following:
By default, Auto-Protect scans files on remote computers only when file are executed. You can disable the Only when files are executed option to scan all files on remote computers, but you might impact your client computer performance.
Additional network Auto-Protect settings
Trust files on remote computers running Auto-Protect is enabled by default and prevents Auto-Protect from performing duplicate scans while network scanning is enabled.
If this option is enabled on two clients, each client checks to see that the other's Auto-Protect settings are as secure as its own. Each client then trusts the Auto-Protect scan on the other and does not rescan any files.
For example, when client A accesses a file on a network drive on client B, client A's Auto-Protect checks client B's Auto-Protect settings. If client B's Auto-Protect is trustworthy, client A's Auto-Protect does not scan the file. If client B's Auto-Protect is not trustworthy, client A's Auto-Protect scans the file.
Disable this setting if you want to allow duplicate scanning. Duplicate scanning can reduce network performance on the client computer.
Note: This functionality applies only to read access. When client A requests write access from client B, client A's Auto-Protect scans the file regardless of this setting.
To configure trust on remote computers running Auto-Protect from the Symantec Endpoint Protection Manager, please do the following:
To configure trust on remote computers running Auto-Protect from the Symantec Endpoint Protection client (self-managed), please do the following:
Network cache enables a record of the files that Auto-Protect has already scanned from a remote computer. If you use a network cache, you prevent Auto-Protect from scanning the same file more than one time. When you prevent multiple scans of the same file, you might improve system performance. You can set the number of files (entries) that Auto-Protect scans and remembers. You can also set the timeout before your computer removes the entries from the cache. When the timeout expires, your computer removes the entries. Auto-Protect then scans the files if you request them from the remote computer again.
To configure a network cache from the Symantec Endpoint Protection Manager, please do the following:
To configure a network cache from the Symantec Endpoint Protection client (self-managed), please do the following:
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.