Endpoint Protection

SEPM has a setting in Auto-Protect "Do not scan files when trusted processes access the files".

Which processes are considered trusted?

Is this a predefined list, or is it something that is checked with Insight?

Or something that Sonar considers as trusted?

Hello,

At the moment, the only trusted process is the Windows Search Indexer and it isn’t customizable.

Virus and spyware scans include a feature that is called Insight that lets scans skip trusted files. You can choose the level of trust for the files that you want to skip, or you can disable the option. If you disable the option, you might increase scan time.

Check this Thread with similar issue:

https://www-secure.symantec.com/connect/forums/files-trusted

Secondly, check these Articles:

About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

http://www.symantec.com/docs/HOWTO80947

Security Response recommendations for Symantec Endpoint Protection 12.1 settings

http://www.symantec.com/docs/TECH173752

Hope that helps!!

Auto-Protect can also skip the files that are accessed by trusted processes such as Windows Search.

http://www.symantec.com/business/support/index?page=content&id=HOWTO80947

I've not found a specific KBA to outline what these would be or what is considered a trusted process.