Running Activity Monitor on computers protected by Symantec Antivirus 10
Some anti-virus and anti-spyware programs can detect such SoftActivity programs as
Activity Monitor, Activity Monitor Agent and Activity Logger as spyware.
To install SoftActivity software you must be the owner of the computer or authorized by the
owner. In this case you may easily add SoftActivity programs to Exclude/Ignore/Exceptions list of your
anti-spyware. Most of such programs provide such lists.
To monitor employee computers in your company or your home computer you need to install
Activity Monitor Agent on the monitored computers. If you have Symantec Antivirus installed
on the remote computer, it will prevent you from installing or running this program and report
this attempt to the user.
Follow these easy steps to safely disable Antivirus from detecting Activity Monitor Agent and stay
protected by Antivirus.
Here are some articles from Symantec's Support Knowledge Base about setting up exclusions in their security software:
Symantec: Configuring global security risk exclusions in Symantec AntiVirus 10.1 and Symantec Client Security 3.1
Symantec: Creating exceptions to security risk scanning in Symantec AntiVirus 10.1 and Symantec Client Security 3.1
Instructions for Symantec Antivirus 10 Corporale Client and Activity Monitor.
These instructions should be also valid or similar for other recent versions of Symantec Antivirus.
In Corporale edition of Symantec Antivirus all described below changes to Antivirus Clients can be
made from centralized Management Server.
For disabling detection of SoftActivity Activity Logger software instructions are basically the same,
but you need to add Spyware.ActivityLog to lists of exclusions.
P.S. Addition from Activity Monitor user:
- Open Symantec Antivirus from Start menu or system tray
- Add Activity Monitor to list of Exceptions in Antivirus's Manual Scan configuration.
- To do this start with the following. Open Scan->Custom Scan in the tree. Click Options... button
- Click Actions button (not shown here). Select Security Risks->Spyware in list. Switch to Exceptions tab and click Add button on
the bottom of the window.
Antivirus loads list of known spyware. Mark a check box on the left of
following spyware names:
In fact machine with
Activity Monitor requires exclusion only of Spyware.ActrivMon and Spyware.AllInOne.
Machine with Agent requires exclusions of Spyware.ActrivMonAgent and Spyware.AllInOne
(In some cases you will also need to exclude Spyware.ActivityLog threat in case Symantec still finds Activity Monitor after you excluded 3 threats above)
Click Next to continue
- On the next page select First Action: Exclude. Hit Finish button.
There may be no Exclude option on this screen in Corporate Edition of SAV. In this case select Leave Alone (Log Only). This will work too and SAV will not inform users about presence of Activity Monitor
- You will have all 3 selected risks added to the exceptions list.
Click OK to save these settings.
- Add Activity Monitor to list of Exceptions File System Auto-Protect
- To do this start with the following. Select Configure -> File System Auto-Protect in tree view. Click Actions button on the right
- Repeat steps 4-6 and add Spyware.ActiveMonAgent, Spyware.ActMon and Spwyare.AllInOne to Exceptions for Auto-Protect.
- Exclude Activity Monitor from Startup Scans. Open Starup Scan - Auto-Generated QuickScan, click Edit button:
- Repeat steps 4-6 and add Spyware.ActiveMonAgent, Spyware.ActMon and Spwyare.AllInOne to
Exceptions for the Auto-Generated QuickScan. Repeat this
for other custom scans in Startup Scans group
some cases you will also need to exclude Spyware.ActivityLog threat in case
Symantec still finds Activity Monitor after you excluded 3 threats
- Now Symantec will not detect and report neither Activity Monitor nor Activity Monitor Agent on this computer.
- Repeat these actions on all computers where you are going to install Activity Monitor Agent and Activity Monitor server part.
- Symantec Antivirus on your computer may have several custom scans listed on the left, such as Scheduled Scan, Startup Scans, Administrativer Scan, etc. Each of them has its own Exceptions list. You need to exclude Activity Monitor from each of these scans to avoid detection
You also need to exclude the AM folder underneath the All Users profile in "Documents and settings" and also the "Program Files\SoftActivity" folder. I have found that Symantec has scanned those folders and quarantined files from those directories and disable the agent.