Summary
The actual directory is excluded in the ServerProtect scanning but shadow copies of the directory are still scanned. As a result, virus notifications are sent every time a virus in a shadow copy is detected.
The following is a sample notification:
Control Manager [SERVER_name] notification: Virus found action result.
The first and second virus scan actions have been unsuccessful for the virus detected in /Servers/Server_name/Exchange bridgeheads/Server_name.
Check and update your components to the latest version.
Virus: Infected file: 58ac1 File path: \Device\HarddiskVolumeShadowCopy85\Program Files\Trend\IMSS\ISNTSmtp\quarantine4
Scan engine: 7.510.1002 Virus pattern: 2.615.00 Event date/time: 05/08/2005 10:44:06 PM
Details
To resolve the issue, enable the UNC path exclusions and set up a directory exclusion for the \Device folder.
- Close the ServerProtect Management Console
- Edit the admin.ini file in the /Program Files/Trend/SProtect directory of the Information Server.
- Add the following line under the [AdminServer] section:
ExcludeUNCPath=1
- Close and save the file.
To set up a directory exclusion for the \Device folder:
- Open the ServerProtect Management Console.
- Select the Set Scan Option, then click Exclusion List.
- Select the server name from the server list, then click Add in the Excluded directory list section.
- Specify the \Device folder to exclude any permutations of HarddiskVolumeShadowCopy## which may occur.
- Click OK.
- Click Apply to save the exclusion.
