Endpoint Protection

 View Only

  • 1.  Built-in and Recommended Centralized Exceptions

    Posted Jun 02, 2009 04:44 PM
    Do I need to create a Centralized Exception policy to exclude the scan of the pagefile.sys file? And what about the spool folder? Or these files are in a kind of  "built-In" exception rule?
    And the feature of auto excluding Exchange folders is still valid in MR4, right?

    Are there any other recommended system file or folder exclusion?

    Thanks ;)

    PS.: I've replied an older topic (https://www-secure.symantec.com/connect/forums/recommended-centralized-exceptions), but it didn't come to the top of the forum. That's why I'm re-asking the same questions.



  • 2.  RE: Built-in and Recommended Centralized Exceptions

    Posted Jun 03, 2009 05:36 AM
    You can add them to the exceptions if SEP prevents it from working properly. Maybe users would notice a slowdown. And you have to manually add the Exchange folders in case SEP missed something, like the database and other drives used by that application. Is this a clustered environment? We're having problems with that.


  • 3.  RE: Built-in and Recommended Centralized Exceptions

    Posted Jun 03, 2009 08:05 AM
    Generally speaking, SEP is aware of most all exceptions that need to be there. However there are "exceptions", no pun intended. : ) 

    SQL, Citrix, and proprietary applications may require additional exceptions. But test them first. Don't put them in there just because you think they need to be. Test it out to ensure you  need the centralized exceptions.

    There is a specific KB around clustered Exchange servers and centralized exceptions

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/e1bb4a03c5bf43ee88257325000c1d58?OpenDocument


  • 4.  RE: Built-in and Recommended Centralized Exceptions

    Posted Jun 03, 2009 09:52 AM
    ok, thanks for the info guys ;)

    Stumbling around the forum I've found the link for an article talking about the default exclusions for Exchange and Active Directory servers.
    About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products
    ...and another article shows how to check if it's working.
    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

    Checked here, all seems to be working fine.



  • 5.  RE: Built-in and Recommended Centralized Exceptions
    Best Answer

    Posted Jun 03, 2009 11:55 AM
    Wildcard char or ? are not supported by SEPM for scan exclusion

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008030423280248?OpenDocument&ExpandSection=1


  • 6.  RE: Built-in and Recommended Centralized Exceptions

    Posted Jun 03, 2009 12:52 PM
    BTW, another question (this one is easier, I think =P): can I use wildcard chars while specifing folders for exclusion?

    Just an example, something like C:\Program Files\Microsoft* (all folders that begins with the word Microsoft)


  • 7.  RE: Built-in and Recommended Centralized Exceptions

    Posted Jun 03, 2009 12:56 PM
    Thanks again!
    (and sorry for the misspelling, I hope it is right now)


  • 8.  RE: Built-in and Recommended Centralized Exceptions

    Posted Jun 03, 2009 01:59 PM
    Someone at Symantec really does use this program. :-)

    Click on Monitors, click on the Logs tab, Log type = TruScan Proactive Threat Scan and click View Log

    From the next screen you can see what TruScan has found AND you can add a Centralized Exception for it from that screen if it is appropriate.

    Ray.