Video Screencast Help

Creating Exceptions (Applications)

Created: 30 Mar 2012 • Updated: 30 Mar 2012 | 4 comments
JRS17's picture

Hi,

I am trying to add a particular application to the exception list, but I am not sure if it working correctly.  

In order to be sure the file is excluded, I have excluded the file locations where the .exes are located AND a separate exception for the .exe itselft.  When doing so, I get the following window.  

 

 

 

Once you add it, and close this screen you see a list of all your exceptions but for all of mine that are .exe, are log only.  It indicates that it may take several hours fto appear in the exceptions list, and once it does, you will be able to specify an action.  I am not able to specify an action or see that exception in the list even after at least a week.  When I click edit on the .exe exceptions, it pops up the window from above.  See below.

 

 

What am I doing wrong?  Can someone provide assistance?  Thanks. 

Comments 4 CommentsJump to latest comment

Simpson Homer's picture

Solution

 

Centralized Exceptions policies contain exceptions for the following types of scans for Windows-based operating systems:

  • Auto-Protect
  • Scheduled and on-demand scans
  • Security Risks
  • SONAR

Follow the instructions below to make the type of exception required.

Creating exceptions for Antivirus and Antispyware scans

    Note: Security Risk Exceptions are global, and apply to all Scheduled Scans as well as real-time Auto-Protect.
    1. Log into the SEPM and click Policies.
    2. Under Policies click Exceptions.
    3. Under Tasks click Add an Exceptions policy. This will create and open a new Centralized Exceptions Policy.
    4. In the left pane, click Exceptions policy and select Edit the policy under Tasks.
    5. In the policy, select Exceptions.
    6. Click the Add button to open a drop-down menu. Move the cursor over Windows Exceptions to open a second drop-down menu.
    7. Select one of the nine options: Application, Application to Monitor, Application Control, Extensions, File, Folder, Known Risks, Trusted Web Domain, Tamper Protection Exception.

      Note: Wildcard variables such as * and ? are not supported for Known RisksFile, or Folder exceptions. The ? wildcard is supported for Extension exceptions. The Folder exceptions screen will accept * and ? but they will be treated as literal characters not wildcard variables.

      Note: For File and Folder-based exclusions, the Full Path to the file must be specified, unless a "Prefix Variable" is selected. If a "Prefix Variable" is selected, the path specified should be relative to the selected "Prefix Variable" 

      Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".

    8. Enter the appropriate information for the item to be excluded. For Extensions, File, and Folder exclusions, specify the type of scans that will be excluded from the drop down menu or menus.
    9. (Optional) Repeat steps 6 through 8 to add any other Security Risk Exceptions to the policy.
    10. Click OK.
    11. Assign the policy to a group within the SEPM.

References
For more information please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control"

Technical Information
Glossary of File/Folder Prefix Variables

 

 

NAME OF PREFIX Description
PROGRAM_FILES_COMMON A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files
SYSTEM The Windows System folder. A typical path is C:\Windows\System32 or C:\WINNT\System32
COMMON_PROGRAMS The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs
COMMON_DOCUMENTS The file system folder that contains documents that common to all users. A typical path is C:\Documents and Settings\All Users\Documents
PROGRAM_FILES The Program Files folder. A typical path is C:\Program Files
COMMON_DESKTOPDIRECTORY The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop
WINDOWS The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows or C:\WINNT
COMMON_APPDATA The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data
COMMON_STARTUP The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup

NOTE: Endpoint does not allow the use of wildcards.
 

NRaj's picture

What you are doing is application exception, this is a new feature in 12.1.

This will monitor the application after which you can add an exclusion to the application.

If you know the list of files that needs to be excluded, you can create a normal file exclusion.

  1. Log into the SEPM and click Policies.
  2. Under View Policies click Centralized Exceptions.
  3. Under Tasks click Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
  4. In the left pane, click Centralized Exceptions.
  5. Click the Add button to open a drop-down menu. Move the cursor over Security Risk Exceptions to open a second drop-down menu.
  6. Select one of the four options: Known Risks, File, Folder, Extensions.

 

The below articles may help.

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

http://www.symantec.com/business/support/index?page=content&id=TECH104326

 

Symantec Endpoint Protection Manager - Centralized Exceptions - Policies explained

http://www.symantec.com/business/support/index?page=content&id=TECH104432

 

How to add a Security Risk Exception in the Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH103120&locale=en_US

Ariv's picture

If any of the above comment helped in resolving the issue then mark that as a solution which will help the other users facing the same problem.