SEP 12.1 Release Update 1 (RU1) Maintenance Patch 1 (MP1) added a new exclusion category: DNS or Host File Change Exception. This exclusion will prevent SONAR from taking any action on applications that have been excluded from these detections.
Follow the steps below for creating an DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.
Make sure you assign the policy to the correct groups.
Error: "Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan"
Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages
Hope that helps!!
Click on Help >> Troubleshooting
The server will show the name of your SEPM (or IP Address)
Make sure your client is managed. If there is a green dot on the SEP icon in the task tray this indicates it is managed by a SEPM.
How do I find Symantec Endpoint Protection Manager (SEPM)
This is how my Symantec Endpoint comes up and there is no Manager so I can not find the Policies tab.
Much needed feature...
Is it possible for you to post a procedure like this for how to add one exe file in exceptions?
Thank you for the update.