cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Autoprotect issue with XP Embedded write filter and scan engine corporate edition

Jehova
Not applicable

‎10-21-2008 09:58 AM

Hi.

 

We are using windows XP Embedded SP2 together with symantec antivirus scan engine 10.5.1.5000

and please, note that we are using the XP Embedded's "file based write filter" that allow faster 

read/write operation and a suplementary protection mechanism against viruses.

 

We also use the security center server mechanism to centralize virus definition updates and clients

settings.

 

We use the antivirus on kind of unattended devices based on XP Embedded SP2 and everything 

worked really fine so far... We do not know (yet) when this exactly happended but let's say

that for the last two months, the symantec auto protect module does not work anymore.

 

It is still able to update with latest virus definition properly but it does not scan the system anymore.

We currently use scan engine version 10.1.5.5000 build 81.2.0.25 with virus definition of 10/16/2008 rev 4.

 

The only way we're able to make it work again is to use an older version of the scan engine and VD.

When using scan engine verson 10.1.5.5000 build 61.2.1.10 together with virus definition of 9/8/2006 rev4,

everything works fine even with the XPE write filter enabled.

 

We tried many things among which we have added many exclusion for the WPE write filter by even

excluding every root directories together with every files (hidden and not) on the root but without 

success. The other way we've made it works is by excluding the C:\ from the write filter mechanism.

 

So, we thing it has something to see with the latest scan engine (or one between 61.2.1.10 and 81.2.0.25)

together with the XPE Write Filter and the system root directory. May be AV now needs to tackle with the

MFT or tomething like that, who knows...

 

So if anybody has a cue about this issue, please let me know, we obviously don't want to rollback to an

older version of anti virus and yes, we already know that a windows XP Embedded specific version of 

symantec anti virus (corporate edition) is available but it implies many tests here in for us and so a lot

of time. Moreover, we still don't know if we're gonna have the same probleme even with the special XPE 

edition of symantec AV...

 

Regards,

 

fabien.

 

Software engineer

Cardinal Health

www.cardinalhealth.com

0 Kudos
0 REPLIES 0