Knowledgebase
Knowledgebase:
Activity Monitor and Symantec Antivirus 10
Posted by Yuri M, Last modified by Yuri M on 08 May 2008 05:39 PM

Running Activity Monitor on computers protected by Symantec Antivirus 10

Some anti-virus and anti-spyware programs can detect such SoftActivity programs as Activity Monitor, Activity Monitor Agent and Activity Logger as spyware. To install SoftActivity software you must be the owner of the computer or authorized by the owner. In this case you may easily add SoftActivity programs to Exclude/Ignore/Exceptions list of your anti-spyware. Most of such programs provide such lists.
To monitor employee computers in your company or your home computer you need to install Activity Monitor Agent on the monitored computers. If you have Symantec Antivirus installed on the remote computer, it will prevent you from installing or running this program and report this attempt to the user. Follow these easy steps to safely disable Antivirus from detecting Activity Monitor Agent and stay protected by Antivirus.

Here are some articles from Symantec's Support Knowledge Base about setting up exclusions in their security software:

Symantec: Configuring global security risk exclusions in Symantec AntiVirus 10.1 and Symantec Client Security 3.1

 Symantec: Creating exceptions to security risk scanning in Symantec AntiVirus 10.1 and Symantec Client Security 3.1

Instructions for Symantec Antivirus 10 Corporale Client and Activity Monitor.
These instructions should be also valid or similar for other recent versions of Symantec Antivirus. In Corporale edition of Symantec Antivirus all described below changes to Antivirus Clients can be made from centralized Management Server.
For disabling detection of SoftActivity Activity Logger software instructions are basically the same, but you need to add Spyware.ActivityLog to lists of exclusions.

  1. Open Symantec Antivirus from Start menu or system tray
  2. Add Activity Monitor to list of Exceptions in Antivirus's Manual Scan configuration.
  3. To do this start with the following. Open Scan->Custom Scan in the tree. Click Options... button
    Activity Monitor with Symantect Antivirus
  4. Click Actions button (not shown here). Select Security Risks->Spyware in list. Switch to Exceptions tab and click Add button on the bottom of the window.
    Activity Monitor with Symantect Antivirus
  5. Wait until Antivirus loads list of known spyware. Mark a check box on the left of following spyware names:

    • Spyware.ActrivMonAgent
    • Spyware.ActrivMon
    • Spyware.AllInOne

    In fact machine with Activity Monitor requires exclusion only of Spyware.ActrivMon and Spyware.AllInOne. Machine with Agent requires exclusions of Spyware.ActrivMonAgent and Spyware.AllInOne
    (In some cases you will also need to exclude Spyware.ActivityLog threat in case Symantec still finds Activity Monitor after you excluded 3 threats above)
    Click Next to continue

    Activity Monitor with Symantect Antivirus

  6. On the next page select First Action: Exclude. Hit Finish button.

    There may be no Exclude option on this screen in Corporate Edition of SAV. In this case select Leave Alone (Log Only). This will work too and SAV will not inform users about presence of Activity Monitor
  7. You will have all 3 selected risks added to the exceptions list. Click OK to save these settings.
    Activity Monitor with Symantect Antivirus
  8. Add Activity Monitor to list of Exceptions File System Auto-Protect
  9. To do this start with the following. Select Configure -> File System Auto-Protect in tree view. Click Actions button on the right
    Activity Monitor with Symantect Antivirus
  10. Repeat steps 4-6 and add Spyware.ActiveMonAgent, Spyware.ActMon and Spwyare.AllInOne to Exceptions for Auto-Protect.
  11. Exclude Activity Monitor from Startup Scans. Open Starup Scan - Auto-Generated QuickScan, click Edit button:


  12. Repeat steps 4-6 and add Spyware.ActiveMonAgent, Spyware.ActMon and Spwyare.AllInOne to Exceptions for the Auto-Generated QuickScan. Repeat this for other custom scans in Startup Scans group
    (In some cases you will also need to exclude Spyware.ActivityLog threat in case Symantec still finds Activity Monitor after you excluded 3 threats above)
  13. Now Symantec will not detect and report neither Activity Monitor nor Activity Monitor Agent on this computer.
  14. Repeat these actions on all computers where you are going to install Activity Monitor Agent and Activity Monitor server part.
  15. Symantec Antivirus on your computer may have several custom scans listed on the left, such as Scheduled Scan, Startup Scans, Administrativer Scan, etc. Each of them has its own Exceptions list. You need to exclude Activity Monitor from each of these scans to avoid detection
P.S. Addition from Activity Monitor user:
You also need to exclude the AM folder underneath the All Users profile in "Documents and settings" and also the "Program Files\SoftActivity" folder. I have found that Symantec has scanned those folders and quarantined files from those directories and disable the agent.
(526 vote(s))
Helpful
Not helpful

Comments (0)
Powered by Kayako