Endpoint Protection

 View Only

  • 1.  Endpoint Protection Centralized Exceptions not working?

    Posted Mar 17, 2010 10:24 AM

    Hi.

    I have set up a centralized exception for a folder.
    Prefix variable: [NONE] Folder: C:\dev\*
    The policy is enabled and all groups are using it.

    I created a fake virus file using these instructions.
    http://service1.symantec.com/Support/nav.nsf/docid/19975295056
    The file is detected whether it is in the C:\dev\ folder or not.

    What is wrong with my setup?
    Is this a bad way to test my exception?

    Thanks.




  • 2.  RE: Endpoint Protection Centralized Exceptions not working?

    Posted Mar 17, 2010 10:32 AM
    Eicars will not be detected if its in this folder, if its anywhere else the virus will be detected.

    c:\dev\* means one level below dev folder
    c:\dev\*\* two leavel below dev folder

    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008090512574448


  • 3.  RE: Endpoint Protection Centralized Exceptions not working?

    Posted Mar 17, 2010 10:46 AM
    Well it is detected when in the folder.

    I can find the exclusion listed in this key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin.
    But nowhere else under exclusions.

    What do you think is wrong?


  • 4.  RE: Endpoint Protection Centralized Exceptions not working?
    Best Answer

    Posted Mar 17, 2010 10:48 AM
    Yes, it will detect when its  in the folder, coz you have not excluded the folder but one level below that folder
    if you mention
    c:\dev , it will not detect it when inside the folder


  • 5.  RE: Endpoint Protection Centralized Exceptions not working?

    Posted Mar 17, 2010 11:14 AM
    Sorry, I did try it in a folder one level bellow and it still picked it up.

    However with C:\dev it works perfectly.

    Thanks for your help.