Which variables and wildcards does Endpoint Protection allow in Centralized Exception Policies?

Article:TECH106068  |  Created: 2008-01-30  |  Updated: 2013-02-28  |  Article URL http://www.symantec.com/docs/TECH106068
Article Type
Technical Solution


Environment

Issue



Symantec Antivirus (SAV) did not allow the use of variables or wildcards in Centralized Exceptions. Does Symantec Endpoint Protection (SEP) allow either?


Cause



You would like to use wildcards or variables to define your Centralized Exceptions.


Solution



SEP provides predefined variables called prefix variables for file and folder exceptions. These variables allow you to make exceptions without typing the full path.


How to add Centralized Exceptions using Prefix Variables:

  1. Log onto the Endpoint Protection Manager Console.
  2. Click on the Policies tab.
  3. Under 'View Policies' header, click on Centralized Exceptions.
  4. Either edit an existing policy (Tasks > Edit the Policy) or create a new one. (Tasks > Add).
  5. A new window will pop up. Click on the Centralized Exceptions tab on the left side.
  6. You will now see a complete list of all your defined centralized exceptions.
    NOTE: To verify if an exception has already been made automatically, see "Verifying Automatic Exclusions."
  7. Click the Add button and select the type of Windows Exception: Security Risk (Known Risk, File, Folder or Extensions), TruScan Proactive Threat Scan (Detected Processes or Process), or Tamper Protection.
    NOTE: For information on Centralized Exceptions for Macintosh clients (RU6 and higher), please see 'How to create a Security Risk Exception for a Mac client from the Symantec Endpoint Protection Manager (SEPM)'.
  8. The following popup will appear:


Select the prefix you are interested in, and then include the name of the file or folder in question. In order to view a description of all the variables, click the ? button. A full glossary has been provided in the Technical Information section.

SEP does not allow the use of wildcards. For more information regarding wildcards see the document below.

Title: 'Wildcards are not usable within Centralized 'Tamper Protection' Exceptions'
http://service1.symantec.com/support/ent-security.nsf/docid/2008052014242748



References
Title: 'How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory'

http://service1.symantec.com/support/ent-security.nsf/docid/2008090512574448

Title: 'How to create a Security Risk Exception for a Mac client from the Symantec Endpoint Protection Manager (SEPM)'
http://service1.symantec.com/support/ent-security.nsf/docid/2010041505243448

Title: 'Symantec Endpoint Protection Manager - Centralized Exceptions - Policies explained'
http://service1.symantec.com/support/ent-security.nsf/docid/2008032010550448

Title: 'Creating Centralized Exception policies in Symantec Endpoint Protection Manager.'
http://service1.symantec.com/support/ent-security.nsf/docid/2008030423280248


Technical Information
Glossary of File/Folder Prefix Variables

 

 


NAME OF PREFIX

Description

PROGRAM_FILES_COMMON

A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files

SYSTEM

The Windows System folder. A typical path is C:\Windows\System32

COMMON_PROGRAMS

The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs

COMMON_DOCUMENTS

The file system folder that contains documents that common to all users. A typical path is C:\Documents and Settings\All Users\Documents

PROGRAM_FILES

The Program Files folder. A typical path is C:\Program Files

COMMON_DESKTOPDIRECTORY

The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop

WINDOWS

The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows

COMMON_APPDATA

The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data

COMMON_STARTUP

The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup

 



Legacy ID



2008093008072448


Article URL http://www.symantec.com/docs/TECH106068


Terms of use for this information are found in Legal Notices