Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

Article:TECH104326  |  Created: 2008-01-04  |  Updated: 2012-05-09  |  Article URL http://www.symantec.com/docs/TECH104326
Article Type
Technical Solution


Issue



A file, folder, file extension or application needs to be excluded from being scanned by one or more features of the Symantec Endpoint Protection (SEP) client.
Such exclusions can be configured for managed SEP clients using Centralized Exceptions policies in the Symantec Endpoint Protection Manager (SEPM) console.


Solution



Centralized Exceptions policies contain exceptions for the following types of scans for Windows-based operating systems:

  • Antivirus and Antispyware scans
  • TruScan Proactive Threat Scans
  • Tamper Protection


Follow the instructions below to make the type of exception required:

Creating exceptions for Antivirus and Antispyware scans

      Note: Security Risk Exceptions are global, and apply to all Scheduled Scans as well as real-time Auto-Protect.
    1. Log into the SEPM and click Policies.
    2. Under View Policies click Centralized Exceptions.
    3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
    4. In the left pane, click Centralized Exceptions.
    5. Click the Add button to open a drop-down menu. Move the cursor over Security Risk Exceptions to open a second drop-down menu.
    6. Select one of the four options: Known Risks, File, Folder, Extensions.

      Note: Wildcard variables such as * and ? are not supported for Known Risks, File, or Folder exceptions. The ? wildcard is supported for Extension exceptions. The Folder exceptions screen will accept * and ? but they will be treated as literal characters and not wildcard variables.

      Note: For File and Folder-based exclusions, the Full Path to the file must be specified, unless a "Prefix Variable" is selected. If a "Prefix Variable" is selected, the path specified should be relative to the selected "Prefix Variable"



      Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".
    7. Enter the appropriate information for the known risk, file, folder, or extension to be excluded.
    8. (Optional) Repeat steps 5 through 7 to add any other Security Risk Exceptions to the policy.
    9. (Optional) Follow the appropriate steps under "Creating exceptions for TruScan proactive threat scans" or "Creating exceptions for Tamper Protection scans" to add those types of exceptions to this policy.
    10. Click OK.


Creating exceptions for TruScan Proactive Threat Scans

    1. Log into the SEPM and click Policies.
    2. Under View Policies click Centralized Exceptions.
    3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
    4. In the left pane, click Centralized Exceptions.
    5. Click the Add button to open a drop-down menu. Move the cursor over TruScan Proactive Threat Scan Exceptions to open a second drop-down menu.
    6. Select one of the two options: Detected Processes, Process.
      Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".
    7. Enter the appropriate information for the detected processes, or process to be excluded.
    8. (Optional) Repeat steps 5 through 7 to add any other TruScan Proactive Threat Scan Exceptions to the policy.
    9. (Optional) Follow the appropriate steps under "Creating exceptions for Antivirus and antispyware scans" or "Creating exceptions for Tamper Protection scans" to add those types of exceptions to this policy.
    10. Click OK.


Creating exceptions for Tamper Protection

    1. Log into the SEPM and click Policies.
    2. Under View Policies click Centralized Exceptions.
    3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
    4. In the left pane, click Centralized Exceptions.
    5. Click the Add button to open a drop-down menu. Click Tamper Protection Exception.
    6. Enter the appropriate information for the file to be excluded.
    7. (Optional) Repeat steps 5 and 6 to add any other Tamper Protection Exceptions to the policy.
    8. (Optional) Follow the appropriate steps under "Creating exceptions for Antivirus and antispyware scans" or "Creating exceptions for TruScan proactive threat scans" to add those types of exceptions to this policy.
    9. Click OK.






References
For more information please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control"



Technical Information
Glossary of File/Folder Prefix Variables

 

 


NAME OF PREFIX

Description

PROGRAM_FILES_COMMON

A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files

SYSTEM

The Windows System folder. A typical path is C:\Windows\System32 or C:\WINNT\System32

COMMON_PROGRAMS

The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs

COMMON_DOCUMENTS

The file system folder that contains documents that common to all users. A typical path is C:\Documents and Settings\All Users\Documents

PROGRAM_FILES

The Program Files folder. A typical path is C:\Program Files

COMMON_DESKTOPDIRECTORY

The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop

WINDOWS

The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows or C:\WINNT

COMMON_APPDATA

The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data

COMMON_STARTUP

The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup

NOTE: Endpoint does not allow the use of wildcards.
 




Legacy ID



2008030423280248


Article URL http://www.symantec.com/docs/TECH104326


Terms of use for this information are found in Legal Notices