Endpoint Protection

  • Private Community
 View Only

  • 1.  Exceptions for Domain Controllers

    Posted Jul 28, 2010 09:01 AM
    Hi everyone,

    I read the KB bellow, and say about scan the SEP in Domain Controlers is automatically created.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009090907562348

    So... not necessary create rules of exclusion in SEPM, it isn´t??


  • 2.  RE: Exceptions for Domain Controllers

    Posted Jul 28, 2010 09:06 AM
    Not necessary.But it is better to check once.Use this KB
    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory


  • 3.  RE: Exceptions for Domain Controllers

    Posted Jul 28, 2010 09:21 AM

    But if the my company have many Domain controlers... is better create Centralized Exceptions policy in SEPM??


  • 4.  RE: Exceptions for Domain Controllers

    Posted Jul 28, 2010 09:34 AM
    not needed, it will automatically detect the presence of DC and create excusions, once installed you can verify the registry

    Does the upgrade of a Server to a Domain Controller Automatically create the necessary exception for the Active Directory ?
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e24515901bf70e8b65257623005bbec4?OpenDocument


  • 5.  RE: Exceptions for Domain Controllers
    Best Answer

    Posted Jul 28, 2010 09:56 AM

    About the automatic exclusion of files and folders
    The client software automatically detects the presence of certain third-party applications and Symantec products. After it detects them, it creates exclusions for these files and folders. The client excludes these files and folders from all antivirus and antispyware scans.
     
    The client software automatically creates exclusions for the following items:
    ■ Microsoft Exchange
    ■ Active Directory domain controller
    ■ Certain Symantec products
     
    Note: To see the exclusions that the client creates on 32-bit computers, you can
    examine the contents of the
     
    HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions registry. You must not edit this registry directly. On
     
    64-bit computers, look in
     
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SymantecEndpoint Protection\AV\Exclusion


  • 6.  RE: Exceptions for Domain Controllers

    Posted Jul 28, 2010 12:15 PM
    OK, but in my case... I don´t have permission to saw the  registry of the all domain controlers.
    So... I need create the rules in SEPM to ensure the exclusion


  • 7.  RE: Exceptions for Domain Controllers

    Posted Jul 28, 2010 12:38 PM

    They the craeted automtically , The registry was just a hint for you to confrim that they are there. It was for you to see the exclusions


  • 8.  RE: Exceptions for Domain Controllers

    Posted Jul 28, 2010 12:44 PM
    its not needed ; however even in our environment we create the exception and then deploy it.
    thats because we used to create the same in SAV...:)