Endpoint Protection

  • 1.  Centralized exceptions for some executables

    Posted May 06, 2009 10:34 AM
    Hi, I am having problems with centralized exceptions. I have received a question from system engineers to make
    sure that certain exe files were set to ignore in the centralized exceptions. I even opened a case at Symantec.
    Case number 320-191-419. I tried the things they asked me to do. For example: I've got aports.exe and slacker.exe. I use the
    TruScan proactive threat scan exceptions. The 2 files are not in the list of detected processes. Do I have to put them first in
    process and wait a while? The problem is when I try to download the files I receive an access denied and SEP finds the files
    and quarantines them. I used the centralized exceptions a lot but not for this reason. How do I solve this issue? Somebody?


  • 2.  RE: Centralized exceptions for some executables

    Posted May 06, 2009 10:50 AM
    Yes, the 2 files need to be added to the Centralized Exceptions policy through the SEPM.

    Have you read this KB?

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032010550448

    Let me know if this is any help.

    Thomas



  • 3.  RE: Centralized exceptions for some executables

    Posted May 06, 2009 07:03 PM
    Same goes with AngryIPScanner.exe


  • 4.  RE: Centralized exceptions for some executables

    Posted May 06, 2009 07:23 PM
    When you add the exceptions in SEPM, be aware that the changes will not be instantaneous on the client machines.  It will take a little bit of time for the clients to grab the new policy changes.


  • 5.  RE: Centralized exceptions for some executables

    Posted May 07, 2009 07:12 AM
    This is what I did. I created a centralized exception for a group of test computers. On one of these computers I would like
    to download slacker.exe. The problem is that on the instance I get an error "access denied" and then Symantec pops up
    with auto-protect has acted on the risks and cleaned it by deletion. I put slacker.exe in the exceptions as a security risk
    with the action ignore as well as a TruScan proactive threat scan protection with action log only. Still it doesn't work as it
    should. It gets cleaned on the instance. Please help me somebody?


  • 6.  RE: Centralized exceptions for some executables

    Posted May 07, 2009 02:26 PM
    It could take some time to take effect, depending on when your client connects to the server to get updates (policy).


  • 7.  RE: Centralized exceptions for some executables
    Best Answer

    Posted May 08, 2009 03:08 AM
    Thanks for responding but waiting didn't help. Even after a day it didn't do a thing. After a lot of discussions with a colleague
    we found the solution. It's not without danger of course. We put the computer in a group alone. There we disabled auto-protect
    and TruScan proactive threat. Not something to do every day. Then I tried downloading the file and it worked fine. After that I reactivated
    auto-protect and TruScan and wonder by wonder it worked. No more warnings or popups. Slacker.exe still stands in my centralized exceptions.
    When it's active again I tried again downloading the file but then it didn't work.


  • 8.  RE: Centralized exceptions for some executables

    Posted May 08, 2009 12:49 PM
    @ThierrySEP: There is also a thread that discusses a similar issue with radio applications
    https://www-secure.symantec.com/connect/forums/sep-network-threat-protection#new
    You might also want to check it out.



  • 9.  RE: Centralized exceptions for some executables

    Posted May 11, 2009 04:22 AM
    Thanks for this info mon_raralio.