
UserProfile Exclusions

Created: 26 Jan. 2013 | 13 Comments

Using the latest SEP 12.2

We are using a product called ProfileUnity and it's really slow when logging on with SEP installed (just the AV, with no sonar, no download insight)

I need to make the exceptions listed here: http://na2.salesforce.com/_ui/selfservice/pkb/PublicKnowledgeSolution/d?orgId=00D3000000006Eb&id=50140000000bW1J&retURL=%2Fsol%2Fpublic%2Fsolutionbrowser.jsp%3Fsearch%3Dantivirus%26cid%3D000000000000000%26orgId%3D00D3000000006Eb%26t%3D4&ps=1

The first exception is in the user's %temp%\unttmp2 folder

I know stupid SEP still won't allow me to make exceptions in the %userprofile% folder (gee, it was submitted as an idea 3 years ago). What other options do I have? I know I can exclude c:\users, but that's a security risk.

I want to exclude .7z files, but only from \\this-server. Is that possible?

Thank You


Brɨan's picture

When you say \\this-server do you mean only 1 machine?

If so, you can either put it into its own group and add the exclusion for .7z files or you allow in the policy the ability to add exclusions locally.

Also, I would just exclude the unttmp2 folder. So set the prefix variable to [NONE] and add the absolute path C:\Documents and Settings\<user>\Local Settings\Temp\unttmp2 to the policy. It will only exclude this location, not all of %temp%

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

bjohn's picture

Using Virtual Desktops.

\\This-server would be a server the virtual desktops access for the users profile. Basically I want to exclude .7z files on that server.

For your second point, I'm not talking about just one machine, or one user for that matter. Again, virtual desktops.

Brɨan's picture

Adding the .7z extension is easy.

Not so much for the folder under the user profiles as the way to currently do it is by adding for each user name....not practical.


bjohn's picture

Yes, I excluded the .7z extension already, although it's a security risk. What I really want to do is to exclude it in a particular share/folder location.

I hate Symantec.

bjohn's picture

I'm wondering if someone can help me with this...

I stripped down my Symantec installation to include only AV, made exceptions, even disabled auto-protect (which disables sonar and download protection).

Yet, the mere fact that Symantec is on the machine adds 15 seconds more to the ProfileUnity load process.

On a machine without Symantec, it loads 15 seconds faster.

Anything I can do?

SebastianZ's picture

Not sure if disabling Auto Protect is a good idea - without it you have basically no "live" protection.

Have a go and open a case with Symantec, I am afraid the scope of your problem is a bit above the recommendations that can be provided via forum. A lot more analysis and reproductions will be necessary to reach here any solution or workaround.

Mithun Sanghavi's picture

Hello,

I agree with SebastianZ's recommendation as we are already aware of this limitation. However, as much as I believe this is being considered for the Future Releases.

Check these Ideas -

https://www-secure.symantec.com/connect/ideas/using-system-variables-exceptions

https://www-secure.symantec.com/connect/idea/centralized-exceptions-hash-or-filename

https://www-secure.symantec.com/connect/idea/sepm-more-variables-avas-exclusions

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SebastianZ's picture

Good links Mithun - the issue regarding the inability to set the User profile variables in exceptions has been already reported many times. Please support the ideas listed and hopefully we will see this option added in the future.

JS@support's picture

Hi,

I know I can exclude c:\users, but that's a security risk --> I really don't think there would be a security risk.

Exception paths will not be scanned only for scheduled scan not for real time scan. Symantec should take care even though it's under exception policy.

Even though after creating exception it doesn't mean threat can easily enter/move in the user profiles.

AravindKM's picture

There are no separate exclusions for real-time and scheduled scans. If you add any file/folder to exclusion it will be excluded from all types of scans.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

cus000's picture

Hah, I missed out on these ideas, will vote them.

I think it's good to have a different option for Auto-Protect scan

bjohn's picture

https://www-secure.symantec.com/connect/idea/sepm-... has been active since 2009. Obviously there's no point in having an idea and voting for it if it's not going to be implemented.

I think I personally voted for that idea almost two years ago.

Yes, as it's mentioned in that thread, it's not something that's easy to implement, nevertheless, it SHOULD have been implemented by now!

Stupid!

bjohn's picture

Need some more help. I re-directed my %temp% to c:\temp. Created central exclusions for c:\temp. I see that the registry lists the exclusions I created.

Still slow.

When I look at list of files being scanned by auto-protect, I see that files in c:\temp are being scanned?

What gives?

Using the latest version.
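
The trade-off argued over in this thread (excluding all of C:\Users, a bare .7z extension, or a redirected c:\temp, versus the single unttmp2 folder) can be checked mechanically on an exported exclusion list. The following is an added example, not part of the original thread and not a Symantec tool; the `(kind, value)` list format, the function names and the list of user-writable roots are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Assumed for this example: folders that every logged-on user can write to.
# C:\Temp is listed because the thread redirects %temp% there for all users.
USER_WRITABLE_ROOTS = [r"C:\Users", r"C:\Documents and Settings", r"C:\Temp"]


def covers(excluded, target):
    """True if excluding folder `excluded` also excludes all of `target`."""
    e, t = PureWindowsPath(excluded), PureWindowsPath(target)
    return e == t or e in t.parents  # Windows paths compare case-insensitively


def audit_exclusions(exclusions):
    """Classify each (kind, value) exclusion as 'broad', 'unscoped' or 'narrow'."""
    results = []
    for kind, value in exclusions:
        if kind == "extension":
            # In this list format an extension entry carries no folder or share scope.
            verdict = "unscoped"
        elif any(covers(value, root) for root in USER_WRITABLE_ROOTS):
            # The exclusion swallows a whole tree that users can drop files into.
            verdict = "broad"
        else:
            verdict = "narrow"
        results.append((value, verdict))
    return results


# Constructed sample list mirroring the options discussed in the thread.
SAMPLE = [
    ("folder", r"C:\Users"),
    ("folder", r"c:\temp"),
    ("folder", r"C:\Documents and Settings\alice\Local Settings\Temp\unttmp2"),
    ("extension", "7z"),
]

if __name__ == "__main__":
    for value, verdict in audit_exclusions(SAMPLE):
        print(f"{verdict:9} {value}")
```

Entries reported as `broad` or `unscoped` are the ones to review first, since they remove scanning from locations any user can write to.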