When a Symantec Endpoint Protection (SEP) client's Full Scan is run, are mapped network drives included in the scan?
If the Full Scan was created by the local user as an On Demand or Scheduled Scan, then it will treat mapped drives as local drive and scan them since both the scan and mapped network drives are created under the user context. This is still the case if the AutoProtect option to scan network drives is disabled because that is an AutoProtect feature and does not have any bearing on local manual or scheduled scans.
If a Full Scan is created by an administrator on SEPM and sent to the client in a policy, the Full Scan will not scan mapped network drives since this scan runs under the SYSTEM context.
Additional Note on Accounts and Permissions
If a user account on a computer does not have sufficient access/permissions to the remote network share, then SEP scans and remediation attempts (delete, quarantine, clean etc) of items on that network share may fail. A manual scan launched locally that is "Run as Administrator," or an admin account logged into the same computer running a SEP scan of the same mapped network drive, could conceivably have greater access/permissions and succeed in detecting and remediating malicious files there.
Imported Document ID: TECH96284
Subscribing will provide email updates when this Article is updated. Login is required.