Creating exceptions for Symantec Endpoint Protection

Article:HOWTO80919  |  Created: 2012-10-24  |  Updated: 2013-10-07  |  Article URL http://www.symantec.com/docs/HOWTO80919
Article Type
How To


Subject


Creating exceptions for Symantec Endpoint Protection

You can create different types of exceptions for Symantec Endpoint Protection.

Any exception that you create takes precedence over any exception that a user might define. On client computers, users cannot view the exceptions that you create. A user can view only the exceptions that the user creates.

Note:

The Exceptions policy includes a SONAR file path exception to prevent SONAR code injection into the specified application. SONAR does not inject code into applications on Symantec Endpoint Protection 12.1 or earlier clients. If you use Symantec Endpoint Protection Manager 12.1.2 to manage clients, a SONAR file exception in an Exceptions policy is ignored on your legacy clients. If you use a legacy Symantec Endpoint Protection Manager to manage clients, the legacy policy does not support SONAR file exceptions for your Symantec Endpoint Protection 12.1.2 clients. You can prevent SONAR code injection into applications on these clients, however, by creating an Application to monitor exception in the legacy policy. After the client learns the application, you can configure an application exception in the policy.

Exceptions for virus and spyware scans also apply to Download Insight.

Table: Creating exceptions for Symantec Endpoint Protection

Task

Description

Exclude a file from scans

Supported on Windows and Mac clients.

Excludes a file by name from virus and spyware scans, SONAR, or application control on Windows clients.

You can also exclude a file from virus and spyware scans on Mac clients.

See Excluding a file or a folder from scans.

Exclude a folder from scans

Supported on Windows and Mac clients.

Excludes a folder from virus and spyware scans, SONAR, or all scans on Windows clients. You can also exclude a folder from virus and spyware scans on Mac clients.

See Excluding a file or a folder from scans.

Exclude a known risk from virus and spyware scans

Supported on Windows clients.

Excludes a known risk from virus and spyware scans. The scans ignore the risk, but you can configure the exception so that the scans log the detection. In either case, the client software does not notify users when it detects the specified risks.

If a user configures custom actions for a known risk that you configure to ignore, Symantec Endpoint Protection ignores the custom actions.

See Excluding known risks from virus and spyware scans.

Security risk exceptions do not apply to SONAR.

Exclude file extensions from virus and spyware scans

Supported on Windows clients.

Excludes any files with the specified extensions from virus and spyware scans.

See Excluding file extensions from virus and spyware scans.

Extension exceptions do not apply to SONAR.

Monitor an application to create an exception for the application

Supported on Windows clients.

Use the Application to monitor exception to monitor a particular application. When Symantec Endpoint Protection learns the application, you can create an exception to specify how Symantec Endpoint Protection handles the application.

If you disable application learning, the Application to monitor exception forces application learning for the application that you specify.

See Monitoring an application to create an exception for the application.

Specify how scans handle monitored applications

Supported on Windows clients.

Use an application exception to specify an action for Symantec Endpoint Protection to apply to a monitored application. The type of action determines whether Symantec Endpoint Protection applies the action when it detects the application or when the application runs. Symantec Endpoint Protection applies the Terminate, Quarantine, or Remove action to an application when it launches or runs. It applies the Log only or Ignore action when it detects the application.

Unlike a file name exception, an application exception is a hash-based exception. Different files can have the same name, but a file hash uniquely identifies an application.

The application exception is a SHA-2 hash-based exception. Legacy exceptions for TruScan proactive threat scans appear as SHA-1 hash-based exceptions. Legacy clients support SHA-1 exceptions only. The file fingerprint in the exceptions list is preceded by a 2 or a 1 respectively to indicate the file hash type.

Applications for which you can create exceptions appear in the Exceptions dialog after Symantec Endpoint Protection learns the application. You can request that Symantec Endpoint Protection monitors a specific application to learn.

See Specifying how Symantec Endpoint Protection handles monitored applications.

See Configuring the management server to collect information about the applications that the client computers run.

Exclude a Web domain from scans

Supported on Windows clients.

Download Insight scans the files that users try to download from Web sites and other portals. Download Insight runs as part of a virus and spyware scan. You can configure an exception for a specific Web domain that you know is safe.

Download Insight must be enabled for the exception to have any effect.

Note:

If your client computers use a proxy with authentication, you must specify trusted Web domain exceptions for Symantec URLs. The exceptions let your client computers communicate with Symantec Insight and other important Symantec sites.

See Excluding a trusted Web domain from scans.

Create file exceptions for Tamper Protection

Supported on Windows clients.

Tamper Protection protects client computers from the processes that tamper with Symantec processes and internal objects. When Tamper Protection detects a process that might modify the Symantec configuration settings or Windows registry values, it blocks the process.

Some third-party applications inadvertently try to modify Symantec processes or settings. You might need to allow a safe application to modify Symantec settings. You might want to stop Tamper Protection for certain areas of the registry or certain files on the client computer.

In some cases, Tamper Protection might block a screen reader or some other assistive technology application. You can create a file exception so that the application can run on client computers. Folder exceptions are not supported for Tamper Protection.

See Creating a Tamper Protection exception.

Allow applications to make DNS or host file changes

Supported on Windows clients

You can create an exception for an application to make a DNS or host file change. SONAR typically prevents system changes like DNS or host file changes. You might need to make an exception for a VPN application, for example.

See Creating an exception for an application that makes a DNS or host file change.

See Managing exceptions for Symantec Endpoint Protection

See Creating exceptions from log events in Symantec Endpoint Protection Manager


Legacy ID



v39814459_v81626096


Article URL http://www.symantec.com/docs/HOWTO80919


Terms of use for this information are found in Legal Notices