Creating exceptions from log events in Symantec Endpoint Protection Manager
|Article:HOWTO80928|||||Created: 2012-10-24|||||Updated: 2014-09-21|||||Article URL http://www.symantec.com/docs/HOWTO80928|
You can create exceptions from log events for virus and spyware scans, SONAR, application control, and Tamper Protection.
You cannot create exceptions from log events for early launch anti-malware detections.
Table: Exceptions and log types
Trusted Web domain
Application Control log
DNS or host file change
Symantec Endpoint Protection must have already detected the item for which you want to create an exception. When you use a log event to create an exception, you specify the Exceptions policy that should include the exception.
To create exceptions from log events in Symantec Endpoint Protection Manager
On the Monitors tab, click the Logs tab.
In the Log type drop-down list, select the Risk log, SONAR log, or Application and Device Control log.
If you selected Application and Device Control, select Application Control from the Log content list.
Click View Log.
Next to Time range, select the time interval to filter the log.
Select the entry or entries for which you want to create an exception.
Next to Action, select the type of exception that you want to create.
The exception type that you select must be valid for the item or items that you selected.
Click Apply or Start.
In the dialog box, remove any items that you do not want to include in the exception.
For security risks, check Log when the security risk is detected if you want Symantec Endpoint Protection to log the detection.
Select all of the Exceptions policies that should use the exception.
Article URL http://www.symantec.com/docs/HOWTO80928