Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Does creating a custom Citrix exception rule nullify any default exceptions?

Created: 07 Jan 2013 • Updated: 07 Jan 2013 | 7 comments
This issue has been solved. See solution.

I suppose this could also apply to Exchange and other systems that SEP is programmed to take into consideration automatically...

I have a Citrix farm and am looking at the Citrix-recommended exceptions for scanning.  After reading the Symantec Endpoint Protection 11.0 "Terminal Server and Citrix Best Practices White Paper" where is says on page 7: 

"As per terminal servers, if you wish to run the SEP firewall on a Citrix server then it is possible to do so without any issue using the default rule set in SEP 11.0 MR2 and beyond. If, however you wish to create a custom rule set for Citrix then the following processes and communications ports should be taken into account:"

Then it goes on to list a large number of exceptions...

I know that SEP automatically takes into account certain system, like Exchange - knowing what to scan and what not to scan.  My question is this:  does creating a custom rule nullify the automatic exceptions that SEP already knows about?  It sure seems like that, based on my reading of that section in the white paper; otherwise, why would it say to add those exceptions only if creating a custom rule set?

 

Many thanks,
Mark

Comments 7 CommentsJump to latest comment

Ashish-Sharma's picture

Best Practices for Symantec Endpoint Protection on Citrix and Terminal Servers

 

Article:TECH91070  |  Created: 2008-01-24  |  Updated: 2012-12-20  |  Article URL http://www.symantec.com/docs/TECH91070

 

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

My question is this:  does creating a custom rule nullify the automatic exceptions that SEP already knows about?  It sure seems like that, based on my reading of that section in the white paper; otherwise, why would it say to add those exceptions only if creating a custom rule set?

Answer:

No, creating a custom rule does not nullify the automatic exceptions that SEP already knows about as these exceptions are by design.

By design, Automatic Exceptions are created for MS Exchange.

However in your case you would have to create specific excpetions over an above of MS Exchange manually.

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

No, this won't affect existing exceptions, it will only add to them.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

saturnnights's picture

So, in addition to whatever is not scanned by SEP as a built-in exception for Citrix, I really ought to add all of those listed in that whitepaper?

 

Thanks,
Mark

.Brian's picture

I don't believe SEP detects Citrix and auto adds exclusions, you will need to add these manaully.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
saturnnights's picture

ATTN everyone who helped me with this question...

I'm new to these forums and didn't realize that I could only give credit to one person for helping me.  I clicked on each of your answers, but only the last one that I clicked gave credit.

I'm really sorry - I appreciate that all of you added input, but I don't know how to credit each of you  sad

 

Mark