Every time Symantec AV updates there are a bunch of pending files, even after the pending files list is purged. These files are not truly new to the system, but are the result of existing executable files being copied from one folder to another and combined with the non-executable .dat files that usually are new. The AV updater components are set as Updater/Installer and Symantec is set up as a trusted software vendor.
1. Is there any way to keep these files from going into Pending Files?
2. Will my AV scan with the new definitions without my clearing the pending files list?
After checking around, it seems the answer to #1 is no and the answer to #2 is probably. I would like to get #2 to a confidence level of definitely yes.
#1. Maybe. Try the following (lifted from another answer):
I usually allow a few temporary files to be downloaded and check “remember my answer”. Then I go to Defense+/Advanced/Computer Security Policy and I find the application. I double-click on the application and go to Access Rights and click Modify for “Protected Files/Folders”. Let’s say I had allowed three downloads that resulted in the following entries:
I would delete two of them, and change the other to:
c:\SomeUserDir\SomeApplication\files*
This allows the application to save any file it wants to c:\SomeUserDir\SomeApplication\files.
I am still not sure that this will avoid having the files appear on the Pending Files list.
Yes. The Pending Files list is only a list of files that have been created on your HD. The purpose is to allow you to inspect possible malware by eliminating the known files that you have installed or expect. Some files are created and deleted by applications in operation, so the Purge button is designed to clear the list of files that no longer exist. Moving a file will create a new file on the list and if the moved file was on the list before the move, it will still appear there, but it will be removed by Purge.
The updater is set to act as an installer/updater. That has the effect of allowing the creation of executable files everywhere. Your method, while valid, is a tighter rule to do the same thing.
You seem to be saying the AV will be OK. If a file is in pending files will it run?
Yes, files on the pending list are there to give you the chance to declare them safe before they are run and you have to decide when you see the pop-up whether to allow them to do what they want. They can still run - the list is not a quarantine and the files are not moved from their installation directory.