mdk 0 Posted March 15 Share Posted March 15 We have a strange problem on our Linux hosts: Whenever an automatic or manual scan (odcan / smart profile) is executed on NFSv3 exports (mounted in /etc/fstab with default settings) the actual ctime of files located on these NFS exports is altered. This can be verified by using the "ls -lc" or "stat" command afterwards. First it seems that this is not that big of a deal, but altering ctime by scanning files on remote filesystems triggers our backup solution. So doing a reliable incremental/differential backup is impossible, when a simple scan is messing with the ctime "flag" on these remote files. Is there a GUI option or parameter to stop Endpoint Protection (efs) from altering ctime on NFS? Can this be avoided by adding additional mount parameters to /etc/fstab? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted March 15 Administrators Share Posted March 15 We have tested it and ctime didn't change after a scan with odscan. Unless a threat is detected the scanner opens files in read-only mode and does not modify any metadata either. We assume that you have this setting enabled for the on-demand scanner profile used in the scan: Please raise a support ticket for further investigation. Link to comment Share on other sites More sharing options...
mdk 0 Posted March 15 Author Share Posted March 15 Tested on NFS? As you can see in the screenshot "read-only mode" is not the case for us and the metadata is modified. "Preserve last access timestamp" is enabled but I guess "last access timestamp" corresponds with atime and not ctime? Link to comment Share on other sites More sharing options...
Recommended Posts