About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans
|Article:HOWTO80947|||||Created: 2012-10-24|||||Updated: 2013-10-07|||||Article URL http://www.symantec.com/docs/HOWTO80947|
When Symantec Endpoint Protection detects the presence of certain third-party applications and some Symantec products, it automatically creates exclusions for these files and folders. The client excludes these files and folders from all scans.
The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.
To improve scan performance or reduce false positive detections, you can exclude files by adding a file or a folder exception to an Exceptions policy. You can also specify the file extensions or the folders that you want to include in a particular scan.
The files or folders that you exclude from scans are not protected from viruses and security risks.
You can view the exclusions that the client automatically creates.
Look in the following locations of the Windows registry:
On 32-bit computers, see HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions.
On 64-bit computers, see HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions.
Do not edit this registry directly.
Table: File and folder exclusions
The client software automatically creates file and folder scan exclusions for the following Microsoft Exchange Server versions:
For Exchange 2007, see your user documentation for information about compatibility with antivirus software. In a few circumstances, you might need to create scan exclusions for some Exchange 2007 folders manually. For example, in a clustered environment, you might need to create some exclusions.
The client software checks for changes in the location of the appropriate Microsoft Exchange files and folders at regular intervals. If you install Microsoft Exchange on a computer where the client software is already installed, the exclusions are created when the client checks for changes. The client excludes both files and folders; if a single file is moved from an excluded folder, the file remains excluded.
For more information, see the knowledge base article, Preventing Symantec Endpoint Protection from scanning the Microsoft Exchange 2007 directory structure.
The client automatically creates file and folder exclusions for the following Microsoft Forefront products:
Check the Microsoft Web site for a list of recommended exclusions.
Also see the Symantec Technical Support knowledge base article, Configuring Symantec Endpoint Protection exclusions for Microsoft Forefront.
Active Directory domain controller
The client automatically creates file and folder exclusions for the Active Directory domain controller database, logs, and working files. The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.
The client automatically creates appropriate file and folder scan exclusions for certain Symantec products when they are detected.
Selected extensions and Microsoft folders
For each type of administrator-defined scan or Auto-Protect, you can select files to include by extension. For administrator-defined scans, you can also select files to include by folder. For example, you can specify that a scheduled scan only scans certain extensions and that Auto-Protect scans all extensions.
For executable files and Microsoft Office files, Auto-Protect can determine a file's type even if a virus changes the file's extension.
By default Symantec Endpoint Protection scans all extensions and folders. Any extensions or folders that you deselect are excluded from that particular scan.
Symantec does not recommend that you exclude any extensions from scans. If you decide to exclude files by extension and any Microsoft folders, however, you should consider the amount of protection that your network requires. You should also consider the amount of time and resources that your client computers require to complete the scans.
File and folder exceptions
You use an Exceptions policy to create exceptions for the files or the folders that you want Symantec Endpoint Protection to exclude from all virus and spyware scans.
If the client detects a virus in the Inbox file during an on-demand or scheduled scan, the client quarantines the entire inbox. You can create an exception to exclude the inbox file instead. If the client detects a virus when a user opens an email message, however, the client still quarantines or deletes the message.
Virus and spyware scans include a feature that is called Insight that lets scans skip trusted files. You can choose the level of trust for the files that you want to skip, or you can disable the option. If you disable the option, you might increase scan time.
Auto-Protect can also skip the files that are accessed by trusted processes such as Windows Search.
Article URL http://www.symantec.com/docs/HOWTO80947