Endpoint Protection

Creating a DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above

07-31-2012 08:56 AM


SEP 12.1 Release Update 1 (RU1) Maintenance Patch 1 (MP1) added a new exclusion category: DNS or Host File Change Exception. This exclusion will prevent SONAR from taking any action on applications that have been excluded from these detections.

Follow the steps below to create a DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.

  1. Log in to the Symantec Endpoint Protection Manager (SEPM).
  2. Click on the Policies tab.
  3. Click Exceptions under Policies.
  4. Click either "Edit the Policy" or "Add an Exception Policy", as per your requirements.
  5. Under Exceptions Policy, click on Exceptions, click the "Add" button, then click on Windows Exceptions and select "DNS or Host File Change Exception".
  6. Click on "Add an Application to Monitor". Add an application that is to be monitored on the network. That can be an application which is currently in use, or an application that you would like to monitor for its appearance. Once this application has been added, it can take several hours to appear in the list of Application Exceptions. Once it appears on the list, you will be able to specify an action for the application.
  7. Click on Add.
  8. Choose the action (Ignore, Log only, Prompt and Block). Note: By default it is set to "Log only".
  9. Click on OK.
  10. Click on OK.

Make sure you assign the policy to the correct groups.

Related Articles:

Error: "Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan"


Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages


Hope that helps!!



10-09-2012 07:08 PM

Click on Help >> Troubleshooting

The server will show the name of your SEPM (or IP Address)

Make sure your client is managed. If there is a green dot on the SEP icon in the task tray this indicates it is managed by a SEPM.

10-09-2012 05:39 PM

How do I find Symantec Endpoint Protection Manager (SEPM)?

This is how my Symantec Endpoint comes up and there is no Manager, so I cannot find the Policies tab.

08-17-2012 09:22 AM

Much needed feature...

08-07-2012 07:56 AM


Is it possible for you to post a procedure like this for how to add one exe file in exceptions?

08-06-2012 11:48 AM

Thank you for the update.
