Preventing Symantec Endpoint Protection from scanning the Microsoft Exchange 2007 directory structure

Article:TECH102249  |  Created: 2007-01-26  |  Updated: 2013-01-04  |  Article URL
Article Type
Technical Solution


What are the the recommended exclusions for Symantec Endpoint Protection (SEP) client on an Exchange 2007 Server?


Exchange 2007 can be installed with several different roles. As each role should have different exclusions, exclusions should be based on the roles you have installed.

Symantec Endpoint Protection's Exchange 2007 automatic exclusions detect the mailbox role and set the required base exclusions.

In a clustered environment, you must make additional exclusions manually.

Symantec recommends that you exclude the quorum disk, the %Winnt%\Cluster folder, and the file share witness which is located on another server in the environment, typically on the Hub Transport server.

For more information on how to make these exclusions manually, please see How to add a Security Risk Exception in the Endpoint Protection Manager.

For a list of recommended exclusions for Exchange 2007, read the Microsoft TechNet article File-Level Antivirus Scanning on Exchange 2007.

Technical Information
The Symantec Endpoint Protection client software creates file and folder scan exclusions for the following Microsoft Exchange server versions:

  • Exchange 5.5
  • Exchange 2000
  • Exchange 2003
  • Exchange 2007
  • Exchange 2010

Symantec recommends that the Exchange server's OS always be protected by the latest available release of SEP.  The Exchange server's message flow and Information Store must be protected by a dedicated mail security product, such as Symantec Mail Security for Microsoft Exchange

Legacy ID


Article URL

Terms of use for this information are found in Legal Notices