Endpoint Protection

  • 1.  Exception not working

    Posted Jul 21, 2015 12:00 PM

    Greetings,

    We have SEPM 12.1.5 installed on Windows Server 2008 and I am having difficulty getting an EXE exception to take hold. The policy has been applied and I do see the results in the registry of the clients; however, Symantec is still blocking the application from launching. The policy is set as an application exception, set to ignore, mapped directly to the .exe file.

    Error states Security Risk Found! WS.Reputation.1 in file: c:\Path to file.exe by: Auto-Protect scan Action: Quarantine succeeded. Event ID: 51



  • 2.  RE: Exception not working

    Posted Jul 21, 2015 12:03 PM

    This is for Download Insight.

    Have you added it to the Exception policy via the Risk log? You would need to select "Allow application" and add it to the policy for your clients.



  • 3.  RE: Exception not working

    Posted Jul 22, 2015 12:06 AM

    A file excluded under "Application Exception" will not be excluded from the Auto-Protect scan.

    Open the centralized exceptions policy and add a new file/folder exception for Auto-protect (or All scans).

    Note: Before excluding the file, make sure that it is not a risk.



  • 4.  RE: Exception not working

    Broadcom Employee
    Posted Jul 23, 2015 11:19 AM

    Hi,

    If Tamper Protection alerts are already generated, create an exception through the Monitors tab.

    1. Click Monitors.
    2. Click the Logs tab.
    3. For Log type, choose Application & Device Control.
    4. Click Advanced Settings.
    5. For Event Type, select Tamper Protection.
    6. Click View Logs.
    7. Click a tamper protection event that contains the executable to exclude.
    8. At the top of the table, in the Action box, choose: Add file to Centralized Exceptions Policy.
    9. Click Start.
    10. Check that the Process File to be added is correct. This will be the Actor Process, not the Target.
    11. Select the Centralized Exception policy to which you want to add the new exception.
    12. Click OK.
    13. Click OK at the Message box.
    14. When the client checks in with SEPM, it will get the new policy based on the heartbeat interval.

    Reference: http://www.symantec.com/business/support/index?page=content&id=TECH92553&locale=en_US

    If that does not help, check this article to set up exceptions correctly.

    Creating exceptions for Symantec Endpoint Protection

    http://www.symantec.com/docs/HOWTO55204