Video Screencast Help

Can't setup exclusion policy in SBE 12.1.2

Created: 11 Feb 2013 • Updated: 12 Feb 2013 | 9 comments

Hi

I want exlude from scanning a folder on all computers. For example C:\Foldername\Temp. I go to Centralized exception policy and add windows folder exception. I choose [NONE] prefix and write path  "C:\Foldername\Temp". Check "include subfolders" and choose all types of scanning to exclude. Then I update policy on client and manually start scanning the folder C:\Foldername. And what I see! I see that Temp subfolder is being scanned. Bad!

Ok. Go to client properties and manually add exceptions for folder C:\foldername\temp. Then start scanning C\Foldername. The Temp folder is not being scanned. Good!

What I am doing wrong in setting up centralized policy?

 

Comments 9 CommentsJump to latest comment

.Brian's picture

Did you verify the policy on the client matches the policy showing on the SEPM?

Verify the exclusions are set in the registry, check this:

How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

Article:TECH105814  |  Created: 2008-01-05  |  Updated: 2011-03-02  |  Article URL http://www.symantec.com/docs/TECH105814

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

Check under HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin\[number id] - in a key like that you should find a path you have set in the centralized exception policy. Try to restart the smc service (smc -stop, smc -start) - although this should not be necessarily normally.

arsenalwine's picture

Bad news. No such folder "Admin" in registry, only "Client".

.Brian's picture

For 32 bit, check this reg key:

HKEY_LOCAL_MACHINE\SOFTWARE\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\AV\EXCLUSIONS

For 64bit, check this reg key:

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

arsenalwine's picture

Checked on x32 Win7, XP and x64 W2k8R2. There is no any content in "...\Admin" reg key. 

But if I manually add exceptions on client machine - the  "...\Client" reg key shows me my settings.

Help, friends.

arsenalwine's picture

Ok. I did it!!!

If I choose scanning type to exclude folder for  "ALL"  - the client don't get settings

If I choose scanning type to exclude folder "security threats" - evyrything is OK!!

SebastianZ's picture

Great that you managed it. I would think the ALL should already include the security threats in it, but well...

arsenalwine's picture

Stuck again!

I need to exlude scanning of folder "%appdata%\Alt-N" for every local user profile.

In exception policy I add the way "%appdata%\Alt-N". But when I manually start scanning of %appdata% for current user I see that the folder is being scanned. I also tried %userprofile%\Appdata\Roaming\Alt-N but had no success.

Please give me a hint

 

SebastianZ's picture

That may be a problem - as of current version SEP does not allow use of the variable of %userprofile% to be used in the exceptions - have a look what variables are being honored:

http://www.symantec.com/business/support/index?pag...

...there have been some ideas already posted to include more variables:

https://www-secure.symantec.com/connect/idea/sepm-...