mdk 0 Posted March 15, 2023 Share Posted March 15, 2023 We have a strange problem on our Linux hosts: Whenever an automatic or manual scan (odcan / smart profile) is executed on NFSv3 exports (mounted in /etc/fstab with default settings) the actual ctime of files located on these NFS exports is altered. This can be verified by using the "ls -lc" or "stat" command afterwards. First it seems that this is not that big of a deal, but altering ctime by scanning files on remote filesystems triggers our backup solution. So doing a reliable incremental/differential backup is impossible, when a simple scan is messing with the ctime "flag" on these remote files. Is there a GUI option or parameter to stop Endpoint Protection (efs) from altering ctime on NFS? Can this be avoided by adding additional mount parameters to /etc/fstab? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,406 Posted March 15, 2023 Administrators Share Posted March 15, 2023 We have tested it and ctime didn't change after a scan with odscan. Unless a threat is detected the scanner opens files in read-only mode and does not modify any metadata either. We assume that you have this setting enabled for the on-demand scanner profile used in the scan: Please raise a support ticket for further investigation. Link to comment Share on other sites More sharing options...
mdk 0 Posted March 15, 2023 Author Share Posted March 15, 2023 Tested on NFS? As you can see in the screenshot "read-only mode" is not the case for us and the metadata is modified. "Preserve last access timestamp" is enabled but I guess "last access timestamp" corresponds with atime and not ctime? Link to comment Share on other sites More sharing options...
Recommended Posts