Houston Security User Group

  • 1.  Query for Retrieving Exceptions in SEP 12

    Posted Aug 23, 2013 04:23 PM

    This is for Everyone to take:

    Issue: We had local Exceptions on a larger number of Servers and we needed a way to retrieve them and put them in a file or files.

    After a bit of discussion, our Security Architect, Cory Moerbe, came up with a very simple solution.

     

    Hope this helps you.

    Attachment(s)

    txt
    Query on Exceptions..txt   1 KB 1 version


  • 2.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 23, 2013 04:40 PM

    save as .bat 



  • 3.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 23, 2013 05:12 PM

    You may also want to post this as a download as well.



  • 4.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 26, 2013 11:38 AM

     

    Thanks for the post!  Voted up.

    You have lines for both 32 bit and 64 bit. For the record, which SEP version and Windows server OS were you looking at?

     

    On the point of servers with locally-set exclusions, we used to have that open (the factory default) but that caused a problem when a user (or even an outside vendor!) would set exclusions and not even tell the SEP admin.  When the admin needed to update a CE policy, their exclusions got overwritten.

    Our solution: block any client-side exclusions. If they need something, we put it into a policy if it holds up to examination.

    Thanks

    John



  • 5.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 26, 2013 11:57 AM

    It has 32 and 64 bit keys so it works on both OS types. Output still seems to grab all relevant entries when encountering either.

    This was used against a SEP 11 environment before upgrading to SEP 12.

     

    John,

    Your solution to client-side exclusions is the route we're taking going forward. This script is just for catch-all purposes, so we don't have to guess why an app was working fine before the upgrade. You're right, it is a bad idea to allow local exceptions client side in the first place.

     

    Cheers!



  • 6.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 26, 2013 12:40 PM

    By server OS I meant Win 2003 / Win 2008 / Win 2008r2...

     

    Thank you for posting. Even though we block client-side exclusions, your script will still be handy in some situations. I may use it to confirm whether automatic SEP exclusions were made for Exchange or SMS-MSE 6.5 (Symantec Mail Security for Microsoft Windows Exchange).

     

    We found that SEP will only create the "automatic" exclusions if you install (re-install) SEP AFTER installing SMS. Our solution: we are putting the needed exclusions in a CE policy to make sure it is there.

    Thanks



  • 7.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 26, 2013 01:00 PM

    I used it against all Windows servers on the network. Registry locations appear to be similar between Windows server versions in this regard...this grabs subdirectories...so it catches those random number generated directories as well.



  • 8.  RE: Query for Retrieving Exceptions in SEP 12

    Posted Aug 26, 2013 02:35 PM

    ...ok now it's recursive.... /s

     

    Attachment(s)

    txt
    Query_on_Exceptions.txt   1 KB 1 version