Hi, I tried "symcfg add -k '\Symantec Endpoint Protection\AV' -v NoFileMod -d 1 -t REG_DWORD" to block Symantec Linux AV from changing ctime. How do I do the same for atime? Before scanning: # stat test.dd File: `test.dd' Size: 1024 Blocks: 8 IO Block: 4096 regular file Device: 805h/2053d Inode: 168 Links: 1 Access: (0644/-rw-r--r--) Access: 2013-08-13 16:52:57.000000000 -0500 Modify: 2013-08-19 17:37:10.224210371 -0500 Change: 2013-08-19 17:37:10.224210371 -0500 After scanning: # stat test.dd File: `test.dd' Size: 1024 Blocks: 8 IO Block: 4096 regular file Device: 805h/2053d Inode: 168 Links: 1 Access: (0644/-rw-r--r--) Access: 2013-08-19 17:38:18.859861156 -0500 Modify: 2013-08-19 17:37:10.224210371 -0500 Change: 2013-08-19 17:37:10.224210371 -0500 As you can observe, the atime was modified by Symantec AV scanner. I have other scripts that trigger on atime, but I don't want Symantec AV to change the atime which could then trigger my scripts inadvertently. Thanks.
I need a solution