Endpoint Protection

  • 1.  Default Extension Exclusion List?

    Posted Aug 15, 2014 07:29 AM

    Is there a list of exclusions for file extensions that Symantec allows by default?  I know I can check in the registry, but I want to know if there is somewhere where there is a list depending on the role of the server, such as Active Directory or SQL?

    More specifically, I am being asked what extension exceptions are set up by default from Symantec for Active Directory Domain Controllers.  I do not have access to log on to domain controllers to check the registry.



  • 2.  RE: Default Extension Exclusion List?

    Posted Aug 15, 2014 07:42 AM

    SEP will exclude AD by default, see here:

    About the automatic exclusion of Active Directory files and folders

    About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

    Excluding Microsoft SQL Server files and folders using Centralized Exceptions

    Also a very detailed list compiled by Microsoft is here:

    http://support.microsoft.com/kb/975931

    https://www-secure.symantec.com/connect/forums/sep-exchange-and-sql#comment-3929691

    SEP is smart enough to exclude AD by default once installed on an AD server. It will automatically detect that it's running AD. For SQL, you will need to manually add the exclusions.



  • 3.  RE: Default Extension Exclusion List?

    Posted Aug 15, 2014 07:53 AM

    Automatic exclude list

    About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

    Article:TECH102400  |  Created: 2007-01-02  |  Updated: 2014-03-07  |  Article URL http://www.symantec.com/docs/TECH102400

    These are the exclusions for SQL:

    http://support.microsoft.com/kb/309422

    Excluding Microsoft SQL Server files and folders using Centralized Exceptions

    Article:TECH105240  |  Created: 2008-01-27  |  Updated: 2012-11-12  |  Article URL http://www.symantec.com/docs/TECH105240

    Automatic exclusions are not created for SQL. Automatic exclusions are created if SEP is installed on Microsoft Exchange and Active Directory Domain Controllers.

    Check Chetan's comment:

    https://www-secure.symantec.com/connect/forums/exclusion-sql-server#comment-9103221 



  • 4.  RE: Default Extension Exclusion List?

    Posted Aug 15, 2014 08:41 AM

    So there is no list / table that shows what automatic exclusions (folders and extensions) are applied based on the server role, such as IIS, AD, SQL?



  • 5.  RE: Default Extension Exclusion List?
    Best Answer

    Posted Aug 15, 2014 08:45 AM

    Nope, you need to check the registry for this:

    You can view the exclusions that the client automatically creates.

    Look in the following locations of the Windows registry:

    • On 32-bit computers, see HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions.

    • On 64-bit computers, see HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions.
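
An added example, not part of the original thread and not Symantec's own tooling: a PowerShell sketch that reads the two registry locations named in the answer above and exports whatever it finds to a CSV, one row per value, so automatic exclusions can be compared across servers. It assumes PowerShell remoting is enabled and the account has read access to the key; the `ComputerName` parameter and the output file name are hypothetical, and the layout beneath the `Exclusions` key is not assumed, so the whole subtree is walked.

```powershell
# Added example: inventory the automatic exclusions SEP wrote to the registry.
# The two key paths are the ones quoted in the answer above; nothing is assumed
# about the subkeys or value names beneath them.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)   # hypothetical parameter
)

$readExclusions = {
    $roots = @(
        'HKLM:\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions',
        'HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey below it.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Server = $env:COMPUTERNAME
                    Key    = $key.Name
                    Value  = $name
                    Data   = ($key.GetValue($name) -join ';')
                }
            }
        }
    }
}

$results = foreach ($computer in $ComputerName) {
    try {
        if ($computer -eq $env:COMPUTERNAME) { & $readExclusions }
        else { Invoke-Command -ComputerName $computer -ScriptBlock $readExclusions -ErrorAction Stop }
    } catch {
        # Unreachable or access-denied hosts are reported, not silently skipped.
        Write-Warning "Could not read exclusions from ${computer}: $($_.Exception.Message)"
    }
}

$results | Sort-Object Server, Key, Value |
    Select-Object Server, Key, Value, Data |
    Export-Csv -Path .\sep-auto-exclusions.csv -NoTypeInformation   # hypothetical file name
```

Servers that return no rows either have no automatic exclusions or do not have the key at all.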



  • 6.  RE: Default Extension Exclusion List?

    Posted Aug 15, 2014 09:01 AM

    Thank you Brian,

    The problem with the registry is that in large organizations, there could be thousands of servers with multiple roles, and each server type's registry will be different, and a SEP admin doesn't necessarily have access to those servers to log on or remotely check the registry to figure out what the default SEP exclusions are.  What would be helpful is a table provided and maintained by Symantec such as the one below:

     

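    | SEP Version | Server Type | Default Exception - Ext | Default Exception - Folder |
    |-------------|-------------|-------------------------|----------------------------|
    | 12.1.4      | IIS         | .aspx                   | None                       |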

     



  • 7.  RE: Default Extension Exclusion List?

    Posted Aug 15, 2014 09:02 AM

    Agreed :)