mdk 0 Posted March 15 Share Posted March 15 We have a strange problem on our Linux hosts: Whenever an automatic or manual scan (odcan / smart profile) is executed on NFSv3 exports (mounted in /etc/fstab with default settings) the actual ctime of files located on these NFS exports is altered. This can be verified by using the "ls -lc" or "stat" command afterwards. First it seems that this is not that big of a deal, but altering ctime by scanning files on remote filesystems triggers our backup solution. So doing a reliable incremental/differential backup is impossible, when a simple scan is messing with the ctime "flag" on these remote files. Is there a GUI option or parameter to stop Endpoint Protection (efs) from altering ctime on NFS? Can this be avoided by adding additional mount parameters to /etc/fstab? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,614 Posted March 15 Administrators Share Posted March 15 We have tested it and ctime didn't change after a scan with odscan. Unless a threat is detected the scanner opens files in read-only mode and does not modify any metadata either. We assume that you have this setting enabled for the on-demand scanner profile used in the scan: Please raise a support ticket for further investigation. Quote Link to comment Share on other sites More sharing options...
mdk 0 Posted March 15 Author Share Posted March 15 Tested on NFS? As you can see in the screenshot "read-only mode" is not the case for us and the metadata is modified. "Preserve last access timestamp" is enabled but I guess "last access timestamp" corresponds with atime and not ctime? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.