Endpoint Protection

 View Only

  • 1.  Creating Exceptions (Applications)

    Posted Mar 30, 2012 09:53 AM

    Hi,

    I am trying to add a particular application to the exception list, but I am not sure if it working correctly.  

    In order to be sure the file is excluded, I have excluded the file locations where the .exes are located AND a separate exception for the .exe itselft.  When doing so, I get the following window.  

     

     

     

    Once you add it, and close this screen you see a list of all your exceptions but for all of mine that are .exe, are log only.  It indicates that it may take several hours fto appear in the exceptions list, and once it does, you will be able to specify an action.  I am not able to specify an action or see that exception in the list even after at least a week.  When I click edit on the .exe exceptions, it pops up the window from above.  See below.

     

     

    What am I doing wrong?  Can someone provide assistance?  Thanks. 



  • 2.  RE: Creating Exceptions (Applications)

    Posted Mar 30, 2012 10:20 AM

    Solution


     

    Centralized Exceptions policies contain exceptions for the following types of scans for Windows-based operating systems:

    • Auto-Protect
    • Scheduled and on-demand scans
    • Security Risks
    • SONAR


    Follow the instructions below to make the type of exception required.

    Creating exceptions for Antivirus and Antispyware scans

      Note: Security Risk Exceptions are global, and apply to all Scheduled Scans as well as real-time Auto-Protect.
      1. Log into the SEPM and click Policies.
      2. Under Policies click Exceptions.
      3. Under Tasks click Add an Exceptions policy. This will create and open a new Centralized Exceptions Policy.
      4. In the left pane, click Exceptions policy and select Edit the policy under Tasks.
      5. In the policy, select Exceptions.
      6. Click the Add button to open a drop-down menu. Move the cursor over Windows Exceptions to open a second drop-down menu.
      7. Select one of the nine options: Application, Application to Monitor, Application Control, Extensions, File, Folder, Known Risks, Trusted Web Domain, Tamper Protection Exception.

        Note: Wildcard variables such as * and ? are not supported for Known RisksFile, or Folder exceptions. The ? wildcard is supported for Extension exceptions. The Folder exceptions screen will accept * and ? but they will be treated as literal characters not wildcard variables.

        Note: For File and Folder-based exclusions, the Full Path to the file must be specified, unless a "Prefix Variable" is selected. If a "Prefix Variable" is selected, the path specified should be relative to the selected "Prefix Variable" 



        Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".
      8. Enter the appropriate information for the item to be excluded. For Extensions, File, and Folder exclusions, specify the type of scans that will be excluded from the drop down menu or menus.
      9. (Optional) Repeat steps 6 through 8 to add any other Security Risk Exceptions to the policy.
      10. Click OK.
      11. Assign the policy to a group within the SEPM.


    References
    For more information please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control"



    Technical Information
    Glossary of File/Folder Prefix Variables

     

     


    NAME OF PREFIX
    Description

    PROGRAM_FILES_COMMON
    A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files

    SYSTEM
    The Windows System folder. A typical path is C:\Windows\System32 or C:\WINNT\System32

    COMMON_PROGRAMS
    The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs

    COMMON_DOCUMENTS
    The file system folder that contains documents that common to all users. A typical path is C:\Documents and Settings\All Users\Documents

    PROGRAM_FILES
    The Program Files folder. A typical path is C:\Program Files

    COMMON_DESKTOPDIRECTORY
    The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop

    WINDOWS
    The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows or C:\WINNT

    COMMON_APPDATA
    The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data

    COMMON_STARTUP
    The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    NOTE: Endpoint does not allow the use of wildcards.
     



  • 3.  RE: Creating Exceptions (Applications)

    Posted Mar 30, 2012 12:16 PM

    What you are doing is application exception, this is a new feature in 12.1.

    This will monitor the application after which you can add an exclusion to the application.

    If you know the list of files that needs to be excluded, you can create a normal file exclusion.

    1. Log into the SEPM and click Policies.
    2. Under View Policies click Centralized Exceptions.
    3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
    4. In the left pane, click Centralized Exceptions.
    5. Click the Add button to open a drop-down menu. Move the cursor over Security Risk Exceptions to open a second drop-down menu.
    6. Select one of the four options: Known Risks, File, Folder, Extensions.

     

    The below articles may help.

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

    http://www.symantec.com/business/support/index?page=content&id=TECH104326

     

    Symantec Endpoint Protection Manager - Centralized Exceptions - Policies explained

    http://www.symantec.com/business/support/index?page=content&id=TECH104432

     

    How to add a Security Risk Exception in the Endpoint Protection Manager

    http://www.symantec.com/business/support/index?page=content&id=TECH103120&locale=en_US



  • 4.  RE: Creating Exceptions (Applications)

    Posted Apr 03, 2012 09:46 AM

    Did that help?



  • 5.  RE: Creating Exceptions (Applications)

    Posted Apr 09, 2012 12:19 PM

    If any of the above comment helped in resolving the issue then mark that as a solution which will help the other users facing the same problem.