The syntax of adding Volume Shadow Copy, “value \device\”, works with Officescan but not with CPM. This is a product limitation of CPM.
Note: To see how it works in OfficeScan, refer to the KB Article Excluding Volume Shadow copies from OfficeScan client real-time scans
To resolve the issue:
- Import the Configure Default Real-Time Scan Settings [Core Protection Module] - Shadow Copy Exlusion.zip file to the ESP or Tivoli Endpoint Manager (TEM) console.
-
Deploy the extracted file to the target endpoints.Note: The action status might be "Fail" but its already applied to the target machines.
-
Verify that the "\device" scan exclusion can be seen in the target's registry as shown below:[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Real Time Scan Configuration]
"ExcludedFolder"="\\device|" - Run a scan to check if the scan exclusion for Volume Shadow Copy has been applied successfully.