Here is the required detail regarding how to configure the SWS (streaming) agent and the SWV (virtualization) agent for use with Symantec Endpoint Protection (SEP) 12.x.
Workspace Streaming requires some configuration to operate with antivirus and security products. Since Workspace Streaming delivers file segments as the user needs them, many of the files that are created by Workspace Streaming are not complete files. This can cause problems with applications that scan the file system routinely, such as antivirus and security products.
To prevent performance and other problems with these applications, we should configure how these applications access streamed files.
With the SWS Agent configuration, the process name is all that is required (no path needed).
For SEP 12.0 and older, the pre-defined NO_ACCESS_PROCESSES list (found in AppstreamCfg.txt) is sufficient.
For SEP 12.1 and higher, ccSvcHst.exe must be manually added to the NO_ACCESS_PROCESSES list.
The new process name will be added to the default list in our future releases.
Adding a process to the no access list
Warning: Making inappropriate changes to appstreamcfg.txt may cause serious problems; so please take a backup before any modifications.
- Open appstreamcfg.txt in a text editor, found in <root directory>%ProgramFiles%\Symantec\Workspace Streaming\bin*
- Search the word NO_ACCESS_PROCESS (this list contains processes that will be denied access to the files in the SWS cache directory)
- Add the file name of the process executable (above mentioned) to the NO_ACCESS_PROCESS list. Process names from a number of security products are included for reference.
- Restart the Computer.
Workspace Virtualization contains functionality to guarantee that antivirus scanners and other file utility applications can scan the native file system. These applications are added to an ignore list so they do not see virtualized data when they run.
For SEP 12.0 and older, the pre-define ProgramIgnoreList (located under HKLM\System\CurrentControlSet\Services\FSLX\Parameters\FSL) is sufficient with one caveat. If SEP is installed to a non-default location, the path in the ProgramIgnoreList needs to be changed accordingly.
Beginning with SEP12.1, rtvscan.exe has been merged into ccSvcHst.exe. The ProgramIgnoreList must include a path of the form:
c:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4972.105\Bin\ccSvcHst.exe
Since the program path now contains a build number that will change with each release (including hotfix, RU, MP, etc.), the ProgramIgnoreList must be updated each time SEP is updated. There is an enhancement planned for Chrysler (and possibly SP8) that should address this issue. But until then, it’s a manual step.
To add applications to the ignore list
1. In the Windows registry editor , in the HKLM\System\CurrentControlSet\Services\FSLX\Parameters\FSL key, create a Multi-String Value called ProgramIgnoreList.
2. Double-click ProgramIgnoreList
3. Enter the complete path for the executable file that you want to ignore and click OK.
The path can be hard-coded (c:\windows\scan.exe) or can contain a variable ([_B_]WINDIR[_E_]\scan.exe).
4. Restart the computer.
SEP White List
SEP white list entries may be required for optimal performance with the SWS streaming agent.
How To Create A Centralized Exceptions Policy:
Centralized Exceptions Policies can be created from within Symantec Endpoint Protection Manager. Once you've loaded it and logged in, follow these steps:
- Choose the Policies tab from the left-hand menu
- Under View Policies, select Centralized Exceptions
- Right-Click in the Centralized Exceptions Policies section and choose Add
- In the Overview of your new policy, type a name and description for your new policy (i.e. IT Exceptions, Security Risk Exceptions for the IT Department)
- Next, click on Centralized Exceptions in the left menu
- On this screen, you'll need to add those applications that you'd like to exclude from SEP checking. These can be Security Risks, specific files or folders or even file extensions. To exclude one of these items, add it and choose Ignore as the action.
- The third option on the left menu will allow you to configure the options that allow or deny specific Policy Groups the option to create exceptions themselves. You can choose specific types of allowed or denied exceptions if you'd prefer.
- Finally, Click OK.