Symantec Endpoint Protection: Custom Scanning by Drive Letter

Overview:

When it comes to creating and configuring administrator-defined scans in the Symantec Endpoint Protection Manager, sometimes there isn't quite enough granularity. For example, let's say that all the clients addressed by your Virus and Spyware Policy group have 3 drives:

1. C:\        where your Windows installation resides.
2. E:\        an extra storage drive.
3. F:\        another extra storage drive.
    

Let’s also say that you wanted to create an administrator-defined scan which would perform a scan on your C:\ drive once week, your E:\ drive once a month, and your F:\ drive once a day. While it’s possible for each individual client to decide on such custom scans using the client, there isn’t currently a way to create such a policy in the SEP manager using the graphical user interface (GUI). In the SEP manager, you are given only [COMMON_APPDATA], [COMMON_DESKTOPDIRECTORY], [COMMON_PROGRAMS], [COMMON_STARTUP], [PROGRAM_FILES], [PROGRAM_FILES_COMMON], [SYSTEM], and [WINDOWS] as scannable locations.

This customized scanning policy is available for import into your SEP manager. It includes all 26 English letters. You can make customized scans using this prebuilt policy. This policy is not backwards compatible with older versions of Symantec Endpoint Protection.
 

Currently Supported version:
Symantec Endpoint Protection Manager 12.1.4
 

Attachments: 
Discrete Drives Policy.zip

Instructions:

1. Open your SEP Manager and navigate to the Policies tab. Select “Add a Virus and Spyware Protection Policy”.

    

2. Select the file “Custom Scanning Policy.dat” (included as attachment in this post) and click “Import.”

    

3. Your custom discrete drive policy is now imported. Double click the policy titled "Discrete Drives Policy" to open the edit window.

    

4. It is now possible to create Administrator-defined scans based on discrete drive letters to drive letters A:\ - Z:\. 

Note: This policy has been tested on SEP version 12.1.4 only. Backwards compatibility is not supported. Please upgrade to the latest version of SEP to use this policy. You can apply this policy to groups. These scans will show up as read-only scans in the client to which they are deployed.