Centralized exceptions

Created: 17 Sep 2012 • Updated: 20 Sep 2012 | 20 comments
This issue has been solved. See solution.

Hi,

One of my centralized exceptions is not working correctly. I added it on the server, but on the client it is not showing and is getting blocked by SEP. I need to add it individually for each client. Please help to solve this.


Ashish-Sharma's picture

Hi,

Configuring a centralized exception for a folder for Windows clients

http://www.symantec.com/business/support/index?page=content&id=HOWTO27612

Please check whether the policy serial no. is the same on both sides or not.

Thanks In Advance

Ashish Sharma

 

 

Srikanth_Subra's picture

Hi,

I need to add one exe; I do know how to add the prefix for that file.

Thanks & Regards,

 Srikanth.S

"Defeat the Defeat before the Defeat Defeats you"
(Swami Vivekananda)

Srikanth_Subra's picture

Hi,

I tried all these articles already, but can't get any idea; just a bit confused...

I want to add the prov.exe file so that it is excepted.

This file can be in any location on the system.

Thanks & Regards,

 Srikanth.S

Srikanth_Subra's picture

Hi,

But this exe is not a standard one; this is our dynamic PSK file of wireless.

Thanks & Regards,

 Srikanth.S

Ashish-Sharma's picture

hi,

I think you have already raised one thread for same problem

https://www-secure.symantec.com/connect/forums/centralized-exceptions-11

Thanks In Advance

Ashish Sharma

 

 

Srikanth_Subra's picture

Yep, but there was no action at our side, so I raised it again to fix this issue once and for all.

Thanks & Regards,

 Srikanth.S

Ashish-Sharma's picture

Hi,

I have given one suggestion: you have this thread, and follow the old thread.

Please provide all information on Mithun as per last comments

 

Mithun Sanghavi Symantec Employee Technical Support Accredited

Hello,

Have you received a Tracking number? If yes, please PM me the Tracking number and let me check the same.

Hope that helps!!

 

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

Could you tell us the reason, you want the "prov.exe" under centralized exceptions?

Is Symantec detecting it as a Threat?

Which component of SEP 12.1 is detecting it as Threat?

When you say, "is getting blocked by SEP"? 

Does that mean the traffic / packets generated from "prov.exe" are being blocked?

If yes, then work on this Article: 

How to add an exception for Intrusion Prevention Policy to allow a specific ID through Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH97176

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Srikanth_Subra's picture

Hi,

The traffic is not getting blocked. The exe itself is identified as Bloodhound.Sonar.9 and the process is application heuristics.

Thanks & Regards,

 Srikanth.S

_Brian's picture

Did you try just adding the file name (prov.exe) to the central exception policy? That should be all that's needed.

Did you confirm the client then downloaded the updated policy?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Srikanth_Subra's picture

Hi,

I checked the policy no. and both are the same, and the client can download the policy.

Thanks & Regards,

 Srikanth.S

Mithun Sanghavi's picture

Hello,

Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes.

http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


SOLUTION
Srikanth_Subra's picture

Now I have submitted that exe in this, but have not received any tracking no. Only a confirmation was received.

Thanks & Regards,

 Srikanth.S

Mithun Sanghavi's picture

Hello,

So, you received the confirmation email with the subject line Tracking#, correct?

With what email address was this submission done?

and

On which website was the submission done?

Let me look into this ..!!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


Srikanth_Subra's picture

No subject line with tracking no.

It is just saying that your incident is 2934711.

I have submitted on the site

https://submit.symantec.com/websubmit/basic.cgi

Thanks & Regards,

 Srikanth.S

Mithun Sanghavi's picture

Hello,

With what email address have you submitted the file?

Could you please submit the file on:

https://submit.symantec.com/websubmit/essential.cgi

and 

http://www.threatexpert.com/submit.aspx

Note: ThreatExpert is Owned by Symantec.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


Srikanth_Subra's picture

Hi,

I got a reply from the submission telling me that my file has been whitelisted and the update will be reflected in the next definition cycle.

Thanks & Regards,

 Srikanth.S

Srikanth_Subra's picture

Hi,

At last my problem got solved after my file was updated. Now Symantec is not catching it.

Thanks all for your kind help.

Thanks & Regards,

 Srikanth.S