Endpoint Protection

 View Only

  • 1.  client side exclusions

    Posted May 01, 2009 11:04 AM

    If I set specific scan exclusions on a box, will the SEPM AV policy that is applied to that group override those exceptions? So if I want just a specific exclusion for this one server, ( a specific drive or volume) do I need to create another policy or will the client side exclusions be ok?

    Thx
     



  • 2.  RE: client side exclusions
    Best Answer

    Posted May 01, 2009 11:25 AM
    Hi,

          You mentioned that :-

    If I set specific scan exclusions on a box, will the SEPM AV policy that is applied to that group override those exceptions?....NO

    As far as the exclusions are concerned it can be done from the SEPM as well as locally on the machine as well.

    Therefore the machine will have two centralized exceptions policy one from the administrator and one from the local user. The only thing is that you wont be able to see the administartor defined exceptions but  you will see the exceptions defined by the user locally.

    So if I want just a specific exclusion for this one server, ( a specific drive or volume) do I need to create another policy or will the client side exclusions be ok?......The client side exclusions will be OK


  • 3.  RE: client side exclusions

    Posted May 01, 2009 11:35 AM
    The machine will inherit the policy from thegroup in which it is located.

    If you need seperate policies, it is always a good practise to have seperate groups.


    ......Barkha


  • 4.  RE: client side exclusions

    Posted May 01, 2009 11:47 AM

    These responses seem to contradict each other.

    Barkha, I understand that the machine will inherit the policy from the group in which it is located. What I am wondering, and I havent tested yet, is if that policy will overwrite machine specific local policy. This is assuming that i have that feature unlocked on the local machine. 

    I would prefer for the machine to get my default server policy, but just add an exclusion specific to this server. I have a 10tb volume that I do not want scanned.

    Thanks


     



  • 5.  RE: client side exclusions

    Posted May 01, 2009 11:52 AM
    You cannot set policies directly at the clients, They are set at the group level.

    If you want just this server to have that particular exclusion, Put it in a different group of its own.

    Other option is to have the "Client Side exclusion" by configuring at the client, So you dont need to move it onto a different group.

    The client side exceptions will not be over ridden.

    Feel any better?


  • 6.  RE: client side exclusions

    Posted May 01, 2009 12:01 PM

    Ok, thats what I am looking for. I wasnt trying to set policies locally. I just wanted to verify that those client side exclusions were not going to be overwritten by the policy.

     



  • 7.  RE: client side exclusions

    Posted May 01, 2009 12:10 PM
    Finally it looks, we got things straight :)

    ......Barkha


  • 8.  RE: client side exclusions

    Posted May 01, 2009 12:15 PM
    Hi,

             Its good to know that things are in place now. Please let us know whether the solution worked.