Topic: Disabling the Quick Scan that runs after virus definitions update in Symantec

[Pez]

Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.0 and Symantec Client Security 3.0
Article: TECH101323   |  Created: 2005-01-25 10:15 UTC   |  Updated: 2010-08-13 08:05 UTC  


Problem

After you update virus definitions, Symantec AntiVirus Corporate Edition 10.0 runs a Defwatch Quick Scan. Symantec AntiVirus quarantines security risks for which you created an exception during this Quick Scan. You need to know how to disable the Defwatch Quick Scan.


Solution

--------------------------------------------------------------------------------

Before you begin: This document applies to Symantec AntiVirus 10.0 and Symantec Client Security 3.0. If you use Symantec AntiVirus 10.1 or Symantec Client Security 3.1, read the following document:
Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.1 and Symantec Client Security 3.1
 


--------------------------------------------------------------------------------



A Quick Scan is a fast scan of the following:

Files loaded into memory
Common virus and security risk loading points, including registry keys and startup files

To disable the Quick Scan that runs after virus definitions update, follow the directions for each type of computer in your environment.


Servers
You can disable the Defwatch Quick Scan by importing a .reg file or by editing the registry. After you make this change, the Quick Scan still runs after virus definitions update, but the Quick Scan does not scan any files.

To disable the Defwatch Quick Scan by importing a .reg file

Download and import the DefwatchQSOff.reg file.

To disable the Defwatch Quick Scan by editing the registry

On the Windows taskbar, click Start > Run.
In the Open box, type the following text:

regedit

  
Click OK.
In the left pane of the Registry Editor, go to the following key:

HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\Defwatch QuickScan Options

  
In the right pane, double-click the ScanBootSector value.
Change the Value data field to 0, and then click OK.
In the right pane, double-click the ScanLoadPoints value.
Change the Value data field to 0, and then click OK.
In the right pane, double-click the ScanProcesses value.
Change the Value data field to 0, and then click OK.
Exit the Registry Editor.


Managed clients
You can disable the Defwatch Quick Scan on all managed clients by editing the registry on the parent server. After you make this change, the Quick Scan still runs after virus definitions update, but the Quick Scan does not scan any files.

To disable the Defwatch Quick Scan by editing the registry on the parent server

On the Windows taskbar, click Start > Run.
In the Open box, type the following text:

regedit

  
Click OK.
In the left pane of the Registry Editor, go to the following key:

HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\ClientConfig\LocalScans


Right-click the LocalScans key, and then click New > Key.
Type the following name for the key:

Defwatch QuickScan Options


Right-click the Defwatch QuickScan Options key, and then click New > DWORD Value.
Type the following name for the key:

ScanBootSector

  
Right-click the Defwatch QuickScan Options key, and then click New > DWORD Value.
Type the following name for the key:

ScanLoadPoints


Right-click the Defwatch QuickScan Options key, and then click New > DWORD Value.
Type the following name for the key:

ScanProcesses

  
In the right pane, double-click the ScanBootSector value.
Change the Value data field to 0, and then click OK.
In the right pane, double-click the ScanLoadPoints value.
Change the Value data field to 0, and then click OK.
In the right pane, double-click the ScanProcesses value.
Change the Value data field to 0, and then click OK.
If you use client groups, go to the following key:

HKEY_LOCAL_MACHINE\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Groups\<GroupName>\ClientConfig\LocalScans

where <GroupName> is the name of a client group.

  
Repeat steps 5–17, and then continue to step 20.
Repeat steps 18 and 19 for each client group.
Exit the Registry Editor.
Start Symantec System Center, and unlock the server group.
Right-click the parent server, and then click All Tasks > Symantec AntiVirus > Client Auto-Protect Options.
Click Reset All, and then click OK.


Unmanaged clients
You can disable the Defwatch Quick Scan by importing a .reg file or by editing the registry. After you make this change, the Quick Scan still runs after virus definitions update, but the Quick Scan does not scan any files.

To disable the Defwatch Quick Scan by importing a .reg file

Download and import the DefwatchQSOff.reg file.

To disable the Defwatch Quick Scan by editing the registry

On the Windows taskbar, click Start > Run.
In the Open box, type the following text:

regedit

  
Click OK.
In the left pane of the Registry Editor, go to the following key:

HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\LocalScans\Defwatch QuickScan Options

  
In the right pane, double-click the ScanBootSector value.
Change the Value data field to 0, and then click OK.
In the right pane, double-click the ScanLoadPoints value.
Change the Value data field to 0, and then click OK.
In the right pane, double-click the ScanProcesses value.
Change the Value data field to 0, and then click OK.
Exit the Registry Editor.





Technical Information
The Defwatch Quick Scan does not use the exclusions or exceptions that are set for the Default Quick Scan, which runs when the computer starts. You cannot configure the DefWatch Quick Scan by using Symantec System Center or in the Symantec AntiVirus program interface.


In Symantec AntiVirus 10.1 and later, you can turn off the Deftwach Quick Scan for managed clients by using Symantec System Center.

 

/apps/media/inquira/resources /resources  
/apps/media/inquira/resources /resources  

Value

Defect #1-4BQOJP


Article URL http://www.symantec.com/docs/TECH101323
________________________________________________________________________________________

Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.1 and Symantec Client Security 3.1
Article: TECH101761   |  Created: 2006-01-23 10:18 UTC   |  Updated: 2007-01-20 07:49 UTC 


Problem

After you update virus definitions, Symantec AntiVirus Corporate Edition 10.1 runs a Defwatch Quick Scan. You need to know how to disable the Defwatch Quick Scan.


Solution



--------------------------------------------------------------------------------
Before you begin: This document applies to Symantec AntiVirus 10.1 and Symantec Client Security 3.1. If your clients or servers run Symantec AntiVirus 10.0 or Symantec Client Security 3.0, read the following document:
Disabling the Quick Scan that runs after virus definitions update in Symantec AntiVirus 10.0 and Symantec Client Security 3.0

--------------------------------------------------------------------------------


A Quick Scan is a fast scan of the following:
Files loaded into memory
Common virus and security risk loading points, including registry keys and startup files


To disable the Quick Scan that runs after virus definitions update, follow the directions for each type of computer in your environment.

Managed clients
You can disable the Quick Scan that runs after virus definitions update by changing a setting in Symantec System Center.

To disable the Defwatch Quick Scan on managed clients
Start Symantec System Center.
Unlock the server group.
Right-click a server group, a client group, or a server, and then click All Tasks> Symantec AntiVirus> Client Administrator Only Options.
On the Scans tab, under Triggered Scans, uncheck Run a Quick Scan when new definitions arrive.
Click OK.


--------------------------------------------------------------------------------
Note: If Symantec AntiVirus quarantines security risks for which you created an exception during this Quick Scan, make sure that you add the security risk to the global exclusions list.
For directions, read Configuring global security risk exclusions in Symantec AntiVirus 10.1 and Symantec Client Security 3.1.

--------------------------------------------------------------------------------


Servers
On Symantec AntiVirus 10.1 servers, the Defwatch Quick Scan is disabled by default. You can disable or enable the Defwatch Quick Scan by editing the registry.

To disable or enable the Defwatch Quick Scan by editing the registry
On the Windows taskbar, click Start> Run.
In the Open box, type the following text:

regedit


Click OK.
In the left pane of the Registry Editor, go to the following key:

HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\AdministratorOnly\General


In the right pane, double-click the EnableDefwatchQuickscan value.
Do one of the following:
To disable the Defwatch Quick Scan, change the Value data field to 0, and then click OK.
To enable the Defwatch Quick Scan, change the Value data field to 1, and then click OK.


Exit the Registry Editor.



Unmanaged clients
You can disable the Defwatch Quick Scan by editing the registry.

To disable the Defwatch Quick Scan by editing the registry
On the Windows taskbar, click Start > Run.
In the Open box, type the following text:

regedit


Click OK.
In the left pane of the Registry Editor, go to the following key:

HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\AdministratorOnly\General


In the right pane, double-click the EnableDefwatchQuickscan value.
Change the Value data field to 0, and then click OK.
Exit the Registry Editor.





/apps/media/inquira/resources /resources   



Article URL http://www.symantec.com/docs/TECH101761
.

[Compstuff]

GREAT post!!!!