About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

Article:HOWTO54876  |  Created: 2011-06-29  |  Updated: 2012-10-02  |  Article URL http://www.symantec.com/docs/HOWTO54876
Article Type
How To


Subject


About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

When Symantec Endpoint Protection detects the presence of certain third-party applications and some Symantec products, it automatically creates exclusions for these files and folders. The client excludes these files and folders from all scans.

Note:

The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.

To improve scan performance or reduce false positive detections, you can exclude files by adding a file or a folder exception to an Exceptions policy. You can also specify the file extensions or the folders that you want to include in a particular scan.

See Excluding a file or a folder from scans

Warning:

Files or folders that you exclude from scans are not protected from viruses and security risks.

You can view the exclusions that the client automatically creates.

Look in the following locations of the Windows registry:

  • On 32-bit computers, see HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection Small Business Edition\AV\Exclusions.

  • On 64-bit computers, see HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection Small Business Edition\AV\Exclusions.

Warning:

Do not edit this registry directly.

Table: File and folder exclusions

Files

Description

Microsoft Exchange

The client software automatically creates file and folder scan exclusions for the following Microsoft Exchange Server versions:

  • Exchange 5.5

  • Exchange 6.0

  • Exchange 2000

  • Exchange 2003

  • Exchange 2007

  • Exchange 2007 SP1

  • Exchange 2010

For Exchange 2007, see your user documentation for information about compatibility with antivirus software. In a few circumstances, you might need to create scan exclusions for some Exchange 2007 folders manually. For example, in a clustered environment, you might need to create some exclusions.

The client software checks for changes in the location of the appropriate Microsoft Exchange files and folders at regular intervals. If you install Microsoft Exchange on a computer where the client software is already installed, the exclusions are created when the client checks for changes. The client excludes both files and folders; if a single file is moved from an excluded folder, the file remains excluded.

For more information, see the knowledge base article, Preventing Symantec Endpoint Protection from scanning the Microsoft Exchange 2007 directory structure.

Microsoft Forefront

The client automatically creates file and folder exclusions for the following Microsoft Forefront products:

  • Forefront Server Security for Exchange

  • Forefront Server Security for SharePoint

  • Forefront Threat Management Gateway

Check the Microsoft Web site for a list of recommended exclusions.

Also see the Symantec Technical Support knowledge base article, Configuring Symantec Endpoint Protection exclusions for Microsoft Forefront.

Active Directory domain controller

The client automatically creates file and folder exclusions for the Active Directory domain controller database, logs, and working files. The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.

Certain Symantec products

The client automatically creates appropriate file and folder scan exclusions for certain Symantec products when they are detected.

The client creates exclusions for the following Symantec products:

  • Symantec Mail Security 4.0, 4.5, 4.6, 5.0, and 6.0 for Microsoft Exchange

  • Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange

  • Norton AntiVirus 2.x for Microsoft Exchange

  • Symantec Endpoint Protection Manager embedded database and logs

Selected extensions and Microsoft folders

For each type of administrator-defined scan or Auto-Protect, you can select files to include by extension. For administrator-defined scans, you can also select files to include by folder. For example, you can specify that a scheduled scan only scans certain extensions and that Auto-Protect scans all extensions.

For executable files and Microsoft Office files, Auto-Protect can determine a file's type even if a virus changes the file's extension.

By default Symantec Endpoint Protection Small Business Edition scans all extensions and folders. Any extensions or folders that you deselect are excluded from that particular scan.

Symantec does not recommend that you exclude any extensions from scans. If you decide to exclude files by extension and any Microsoft folders, however, you should consider the amount of protection that your network requires. You should also consider the amount of time and resources that your client computers require to complete the scans.

Note:

Any file extensions that you exclude from Auto-Protect scans of the file system also excludes the extensions from Download Insight. If you are running Download Insight, you should include extensions for common programs and documents in the list of extensions that you want to scan. You should also make sure that you scan .msi files.

File and folder exceptions

You use an Exceptions policy to create exceptions for the files or the folders that you want Symantec Endpoint Protection Small Business Edition to exclude from all virus and spyware scans.

Note:

By default, users on client computers can also create file and folder exceptions.

For example, you might want to create file exclusions for an email application inbox.

If the client detects a virus in the Inbox file during an on-demand or scheduled scan, the client quarantines the entire inbox. You can create an exception to exclude the inbox file instead. If the client detects a virus when a user opens an email message, however, the client still quarantines or deletes the message.

Trusted files

Virus and spyware scans include a feature that is called Insight that lets scans skip trusted files. You can choose the level of trust for the files that you want to skip, or you can disable the option. If you disable the option, you might increase scan time.


Legacy ID



v41326114_v59371755


Article URL http://www.symantec.com/docs/HOWTO54876


Terms of use for this information are found in Legal Notices