Centralized Exceptions set for Macintosh clients do not seem to be respected for scheduled, manual scans or mount scans

Article:TECH132533  |  Created: 2010-01-18  |  Updated: 2012-05-21  |  Article URL http://www.symantec.com/docs/TECH132533
Article Type
Technical Solution



In the Symantec Endpoint Protection Manager, you have configured Centralized Exceptions for Macintosh clients. You find that the exclusions appear to hold for Auto Protect, but not for scheduled, manual or mount scans.


  • Exclusion set per Symantec documentation (Centralized Exception Policy and Antivirus/Antispyware policy)
  • EICAR test string is not intercepted when saved to excluded directory
  • However, other scans--manual, scheduled, contextual--pick the file up.



This is expected behavior. Centralized Exceptions do not apply to manual scans (launched manually, by schedule, or by the "Mount Scan" feature); they work only for AutoProtect. This is leftover behavior from Symantec Antivirus for Macintosh (SAV for Mac), where "SafeZones" applied only to AutoProtect. Macintosh scans that are scheduled from the SEPM are also an "all-or-nothing" proposition; you cannot work around the exceptions shortcoming by scheduling a selective scan from the SEPM.


A more customizable way of running manual or scheduled scans on SEP for Macintosh is to use the Symantec Scheduler (SEP Client GUI, Utilities menu->Symantec Scheduler) or the NAVX command line. These tools must be run locally on the SEP for Macintosh client and are not configurable from the SEPM:

Command line switches and use of NAVX command line utility for SAV/SEP for Macintosh Database 'Enterprise Security Knowledge Base', View 'Support\All Documents (CLF)', Document 'Command line switches and use of NAVX command line utility for SAV/SEP for Macintosh'

Guide to symsched Command-line Switches Database 'Enterprise Security Knowledge Base', View 'Support\All Documents (CLF)', Document 'Guide to symsched Command-line Switches'

Title: 'How to create a Security Risk Exception for a Mac client from the Symantec Endpoint Protection Manager (SEPM)'


Legacy ID


Article URL http://www.symantec.com/docs/TECH132533

Terms of use for this information are found in Legal Notices