Configuring Exceptions for Symantec Endpoint Protection (SEP) 12.1
|Article:TECH176906|||||Created: 2011-12-14|||||Updated: 2014-11-07|||||Article URL http://www.symantec.com/docs/TECH176906|
You have recently upgraded from Symantec Endpoint Protection 11.x to 12.1, and you notice that exceptions policy settings have changed, been renamed and/or been expanded. You want to know how you can determine that you have set your exceptions correctly.
In Symantec Endpoint Protection 12.1, Exceptions policy settings have been expanded to include the new Protection Technologies, such as Download Insight and SONAR and some settings have been renamed or regrouped.
Use caution when configuring exceptions. Every exception created for a web domain or directory will open a hole in the computer's defenses.
Exceptions are grouped under the applicable Operating Systems: Windows Exceptions or Mac Exceptions. For example, the locations below for configuring exception settings in Symantec Endpoint Protection 11.x:
- Centralized Exceptions>Windows Exceptions>Security Risk Exception>Known Risk
- Centralized Exceptions>Windows Exceptions>TruScan Proactive Threat Scan Exceptions>Detected Processes
are now found in this location in Symantec Endpoint Protection 12.x:
- Exceptions>Windows Exceptions>Known Risks
- Exceptions>Windows Exceptions>Application to Monitor
Note: The only configurable SEP for Mac Exceptions are for "Security Risk Exceptions for File or Folder".
A convenient way to create exceptions is the option to create Exceptions Based on Detections. See the Download Insight detection (WS.Reputation.1) example below:
Exceptions could be configured from the related Risk log in Symantec Endpoint Protection Manager (SEPM):
See the Implementation Guide (through 12.1.1) for more information on configuring Exceptions.
See the False Positive Prevention section in SEP Sizing and Scalability Best Practices for an example on how to add a Trusted Web Domain.
Article URL http://www.symantec.com/docs/TECH176906