Ayuda de vídeo de Screencast

Exception rules

Created: 14 Marzo 2013 | 11 comments
el cuadro de los Jaredirk

If there are many profiles with the ntuser.pol file then I have to add them manually?

Ex.

C:\Users\Jay\Ntuser.pol

C:\Users\Karen\Ntuser.pol

or can i use this:

C:\Users\Default\Ntuser.pol

C:\Users\All Users\Ntuser.pol

so regardless of who logged on the machine?

followup:

---> In file exceptions, can i just input the file name or the whole path where the file is located?

Same with folder exceptions, if i can just type the folder without entering the whole path where it is located.

especially it is located on differenr locations

reference: https://www-secure.symantec.com/connect/forums/security-risk-file-exceptions-no-prefix-variable-means-any-instance-file

Also,

in folder exclusions:

my client gave me this format:

ex. windows\temp\

is this in symantec: %windows%\temp

and can be also: %windows%\TemP or %windows%\TEMP

Operating Systems:

Comentarios ComentariosIr al último comentario

el cuadro de los Rafeeq

it has to be added to all the users individually

have a look at this discussion.

https://www-secure.symantec.com/connect/forums/av-...

 whatever is between % will be termed as windows variables.

For Mac you need to use / ( forward slash) if you are doing for Windows it should be back slash(\)

TEMP or temp or TeMp or tEmP they all are one and the same.

http://www.symantec.com/business/support/index?pag...

el cuadro de los Chetan Savade

Hi,

Check this article: Excluding a file or a folder from scans

http://www.symantec.com/docs/HOWTO55205

Check this article as well: Creating exceptions for Symantec Endpoint Protection

http://www.symantec.com/docs/HOWTO55204

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

el cuadro de los Jaredirk

HI Rafeeq,

So to interpret windows\temp\

In SEP exclusions, what this should be:

%WINDOWS%\temp, %WINDOWS%temp,%WINDOWS%\temp\, %WINDOWS%temp\

el cuadro de los Jaredirk

Also,

I want to verify the information on this link:

https://www-secure.symantec.com/connect/forums/security-risk-file-exceptions-no-prefix-variable-means-any-instance-file

It says that you can exclude the file that is common to a lot of locations by just entering the file name without putting the exact location.if I use the NONE variable.

Would also be applicable to folder exclusions? like i'll just type temp since temp folder can be found in many areas? 

I'm confused because in this article:

http://www.symantec.com/business/support/index?pag...

If you use the NONE variable, exact path should be used.

el cuadro de los Rafeeq

it should be %windows%temp it will add \ ( i'm unable to get that discussion)

 check the same in registry

  • On 32-bit computers, see HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions.

  • On 64-bit computers, see HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions.

I'm unable to check this as I do not have test machine as of now. 

el cuadro de los Brɨan

This KB explains it

Using Prefix Variables for Security Risk Folder Exceptions in your Centralized Exceptions Policy.

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH92938 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2009-01-18 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2009-01-18 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH92938

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

el cuadro de los Jaredirk

HI Brian/Rafeeq:

So after the variable, i did not have to put this format on the space beside it:

\Temp

but shoud be

Temp

Other example:

C:\Program Files\Microsoft folder

So in the SEP exclusions this should be interpreted as:

%PROGRAM_FILES%    Microsoft

not %PROGRAM_FILES%    \Microsoft

am i correct?

el cuadro de los Brɨan

When using the variable, it doesn't matter if you use the backslash \ or not. It will work either way.

If you don't use the variable, than you do need to use the backslash \

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

el cuadro de los Jaredirk

Also If I want to exclude the whole drive, would that be D:\ or D: using the NONE variable?

el cuadro de los Brɨan

D:\

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

el cuadro de los Jaredirk

How about this:

%PROGRAM_FILES%   \Microsoft, \Adobe

or

%NONE%   D:\, E:\