Subfolders of folders that are excluded by Automatic Exclusions for Exchange are scanned

Article:TECH134854  |  Created: 2010-01-13  |  Updated: 2012-04-20  |  Article URL http://www.symantec.com/docs/TECH134854
Article Type
Technical Solution


Issue



Symantec Endpoint Protection (SEP) Clients installed on an Exchange server appear to have Exchange locations properly excluded, but files within the excluded directory structures are still scanned by AutoProtect or scheduled scans.

The behavior can be observed by downloading eicar.zip and extracting the eicar.com test file to the locations.


 


Environment



This issue has been observed on Microsoft Exchange 2003, 2007, and 2010 servers with Symantec Endpoint Protection (SEP) 11.x, 12.0.x SMB and 12.1.x clients.

 


Cause



The algorithm responsible for excluding Exchange file system locations will create different types of exclusions depending on Microsoft's recommendations. In some situations, directories and all their sub-directories are excluded. In other situaitons, only specific directories are excluded leaving sub-directories to be scanned. Some other exclusions are specific to a particular file and will not apply to any other files in those directories.

These exclusions are represented by DWORD registry values in the following keys:

  • 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Exchange Server\NoScanDir
  • 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\Exchange Server\NoScanDir

Solution



The Automatic Exchange Exclusions created by the SEP client are properly created as per Microsoft's public recommendations. SEP will detect the mailbox role and set the required base exclusions for Exchange 2003/2007/2010. Exclusions for additional roles and clustering should be added manually as needed.
 

For information on Microsoft's recommendations for Microsoft Exchange exclusions, see http://technet.microsoft.com/en-us/library/bb332342.aspx.


 


Supplemental Materials

SourceETrack
Value2020224

SourceETrack
Value2168928

SourceETrack
Value2170913

SourceETrack
Value 2579451


Legacy ID



2010071310050548


Article URL http://www.symantec.com/docs/TECH134854


Terms of use for this information are found in Legal Notices