Creating a DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.

Created: 31 Jul 2012 • Updated: 31 Jul 2012 | 5 comments
Mithun Sanghavi

SEP 12.1 Release Update 1 (RU1) Maintenance Patch 1 (MP1) added a new exclusion category: DNS or Host File Change Exception. This exclusion will prevent SONAR from taking any action on applications that have been excluded from these detections.

Follow the steps below to create a DNS or Host File Change Exception in Symantec Endpoint Protection Manager 12.1 RU1 MP1 and above.

  1. Log in to the Symantec Endpoint Protection Manager (SEPM).
  2. Click the Policies tab.
  3. Click Exceptions under Policies.
  4. Click either "Edit the Policy" or "Add an Exception Policy", as per your requirements.
  5. Under Exceptions Policy, click Exceptions, click the "Add" button, then click Windows Exceptions and select "DNS or Host File Change Exception".
  6. Click "Add an Application to Monitor". Add the application that is to be monitored on the network. This can be an application that is currently in use, or an application that you would like to monitor for its appearance. Once the application has been added, it can take several hours to appear in the list of Application Exceptions. Once it appears in the list, you will be able to specify an action for the application.
  7. Click Add.
  8. Choose the action (Ignore, Log only, Prompt, or Block). Note: by default it is set to "Log only".
  9. Click OK.
  10. Click OK.

Make sure you assign the policy to the correct groups.

Related Articles:

Error: "Security Risk Found! Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan"

http://www.symantec.com/docs/TECH164391

Symantec Endpoint Protection 12.1: Blocked System Change Events produce unexpected messages

http://www.symantec.com/docs/TECH161646

Hope that helps!!

Comments

Srikanth_Subra

Hi,

Is it possible for you to post a procedure like this for how to add one exe file in exceptions?

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

.Brian

Much needed feature...

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

BAGSI

How do I find Symantec Endpoint Protection Manager (SEPM)?

This is how my Symantec Endpoint comes up and there is no Manager, so I cannot find the Policies tab.

.Brian

Click on Help >> Troubleshooting

The server will show the name of your SEPM (or IP Address)

Make sure your client is managed. If there is a green dot on the SEP icon in the task tray this indicates it is managed by a SEPM.
