Preserving ctime (change timestamp) on NFS

[mdk 0]

We have a strange problem on our Linux hosts: Whenever an automatic or manual scan (odcan / smart profile) is executed on NFSv3 exports (mounted in /etc/fstab with default settings) the actual ctime of files located on these NFS exports is altered.  This can be verified by using the  "ls -lc" or "stat" command afterwards.  First it seems that this is not that big of a deal, but altering ctime by scanning files on remote filesystems triggers our backup solution. So doing a reliable incremental/differential backup is impossible, when a simple scan is messing with the ctime "flag" on these remote files.

 

Is there a GUI option or parameter to stop Endpoint Protection (efs) from altering ctime on NFS? Can this be avoided by adding additional mount parameters to /etc/fstab?

 

 

[Marcos 5,074]

We have tested it and ctime didn't change after a scan with odscan. Unless a threat is detected the scanner opens files in read-only mode and does not modify any metadata either.

We assume that you have this setting enabled for the on-demand scanner profile used in the scan:

Please raise a support ticket for further investigation.

[mdk 0]

Tested on NFS? As you can see in the screenshot "read-only mode" is not the case for us and the metadata is modified.

"Preserve last access timestamp" is enabled but I guess "last access timestamp" corresponds with atime and not ctime?