Configuring Exceptions for Symantec Endpoint Protection (SEP) 12.1

Article:TECH176906  |  Created: 2011-12-14  |  Updated: 2014-11-07  |  Article URL http://www.symantec.com/docs/TECH176906
Article Type
Technical Solution

Product(s)

Issue



You have recently upgraded from Symantec Endpoint Protection 11.x to 12.1, and you notice that exceptions policy settings have changed, been renamed and/or been expanded. You want to know how you can determine that you have set your exceptions correctly.


Cause



In Symantec Endpoint Protection 12.1, Exceptions policy settings have been expanded to include the new Protection Technologies, such as Download Insight and SONAR and some settings have been renamed or regrouped.

For example, an added configuration setting is: "Trusted Web Domain Exceptions" for Download Insight detections.
 
In addition, some configuration settings from Symantec Endpoint Protection 11.x have been renamed. TruScan Proactive Threat Protection has been replaced by SONAR in SEP 12.1 and its exception settings are now configurable under "Application" and "Application to Monitor."

Solution



Use caution when configuring exceptions.  Every exception created for a web domain or directory will open a hole in the computer's defenses.

Be sure to use multiple layers of protection and submit any suspected False Positives to Symantec for examination rather than opening a permanent scanning exclusion against that file.

 

Exceptions are grouped under the applicable Operating Systems: Windows Exceptions or Mac Exceptions. For example, the locations below for configuring exception settings in Symantec Endpoint Protection 11.x:

  • Centralized Exceptions>Windows Exceptions>Security Risk Exception>Known Risk
  • Centralized Exceptions>Windows Exceptions>TruScan Proactive Threat Scan Exceptions>Detected Processes

are now found in this location in Symantec Endpoint Protection 12.x:

  • Exceptions>Windows Exceptions>Known Risks
  • Exceptions>Windows Exceptions>Application to Monitor

Note: The only configurable SEP for Mac Exceptions are for "Security Risk Exceptions for File or Folder".

A convenient way to create exceptions is the option to create Exceptions Based on Detections. See the Download Insight detection (WS.Reputation.1) example below:

 

  

 

Exceptions could be configured from the related Risk log in Symantec Endpoint Protection Manager (SEPM):

 

See the Implementation Guide (through 12.1.1) for more information on configuring Exceptions.

See the False Positive Prevention section in SEP Sizing and Scalability Best Practices for an example on how to add a Trusted Web Domain.

 





Article URL http://www.symantec.com/docs/TECH176906


Terms of use for this information are found in Legal Notices