Search

All of Symantec All of Symantec Support Viruses & Risks Home & Home Office Small Business Enterprise Partners VERITAS

Question/Issue:
A file, folder, file extension, or application needs to be excluded from scanning by one or more features of Symantec Endpoint Protection (SEP). This needs to be done using Symantec Endpoint Protection Manager (SEPM).


Solution:
Centralized Exceptions Policies contain exceptions for the following types of scans:

• AntiVirus and antispyware scans
• TruScan proactive threat scans
• Tamper Protection scans

Follow the instructions below for the type of exception you would like to make.

Creating exceptions for Antivirus and antispyware scans

Note: Security Risk Exceptions are global, and apply to all Scheduled Scans as well as Realtime AutoProtect.

1. Log into the SEPM and click Policies.
2. Under View Policies click Centralized Exceptions.
3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
4. In the left pane, click Centralized Exceptions.
5. Click the Add button to open a drop-down menu. Move the cursor over Security Risk Exceptions to open a second drop-down menu.
6. Select one of the four options: Known Risks, File, Folder, Extensions.
   
   Note: Wildcard variables such as * and ? are not supported.
   
   Note: For File and Folder-based exclusions, the Full Path to the file must be specified, unless a "Prefix Variable" is selected. If a "Prefix Variable" is selected, the path specified should be relative to the selected "Prefix Variable"
   
   
   
   Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".
   
7. Enter the appropriate information for the known risk, file, folder, or extension you would like to exclude.
8. (Optional) Repeat steps 5 through 7 to add any other Security Risk Exceptions you would like to the policy.
9. (Optional) Follow the appropriate steps under "Creating exceptions for TruScan proactive threat scans" or "Creating exceptions for Tamper Protection scans" to add those types of exceptions to this policy.
10. Click OK.

Creating exceptions for TruScan proactive threat scans

1. Log into the SEPM and click Policies.
2. Under View Policies click Centralized Exceptions.
3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
4. In the left pane, click Centralized Exceptions.
5. Click the Add button to open a drop-down menu. Move the cursor over TruScan Proactive Threat Scan Exceptions to open a second drop-down menu.
6. Select one of the two options: Detected Processes, Process.
   Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".
7. Enter the appropriate information for the detected processes, or process you would like to exclude.
8. (Optional) Repeat steps 5 through 7 to add any other TruScan Proactive Threat Scan Exceptions you would like to the policy.
9. (Optional) Follow the appropriate steps under "Creating exceptions for Antivirus and antispyware scans" or "Creating exceptions for Tamper Protection scans" to add those types of exceptions to this policy.
10. Click OK.

Creating exceptions for Tamper Protection scans

1. Log into the SEPM and click Policies.
2. Under View Policies click Centralized Exceptions.
3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
4. In the left pane, click Centralized Exceptions.
5. Click the Add button to open a drop-down menu. Click Tamper Protection Exception.
6. Enter the appropriate information for the file you would like to exclude.
7. (Optional) Repeat steps 5 and 6 to add any other Tamper Protection Exceptions you would like to the policy.
8. (Optional) Follow the appropriate steps under "Creating exceptions for Antivirus and antispyware scans" or "Creating exceptions for TruScan proactive threat scans" to add those types of exceptions to this policy.
9. Click OK.

Technical Information:
Glossary of File/Folder Prefix Variables

NAME OF PREFIX	Description
PROGRAM_FILES_COMMON	A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files
SYSTEM	The Windows System folder. A typical path is C:\Windows\System32 or C:\WINNT\System32
COMMON_PROGRAMS	The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs
COMMON_DOCUMENTS	The file system folder that contains documents that common to all users. A typical path is C:\Documents and Settings\All Users\Documents
PROGRAM_FILES	The Program Files folder. A typical path is C:\Program Files
COMMON_DESKTOPDIRECTORY	The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop
WINDOWS	The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows or C:\WINNT
COMMON_APPDATA	The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data
COMMON_STARTUP	The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup

NOTE: Endpoint does not allow the use of wildcards.



References:
For more information please see the chapter entitled "Configuring Centralized Exceptions Policies" in the "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control"

Document ID: 2008030423280248
Last Modified: 10/20/2009
Date Created: 03/04/2008
Operating System(s): Windows 2000 Server/Advanced Server, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition
Product(s): Endpoint Protection 11
Release(s): Endpoint Protection 11.0, Endpoint Protection 11.0.1

Site Index · Legal Notices · Privacy Policy · · Contact Us · Global Sites · License Agreements