Endpoint Protection

 View Only

  • 1.  Exception Policies - File Exclusion

    Posted Apr 19, 2012 12:11 PM

     

    Can someone help me

    Can someone help me understand how I can create an exception for a filename regardless of the location? I can't get a clear answer on this, as it seems that all files require a prefix or path. We have a internally developed debug executable that is being quarantined, but it often resides in a wide variety of folder locations, drive letters, volumes, etc. It will not allow me to create an exception for the risk itself.

     

    Thanks!

     



  • 2.  RE: Exception Policies - File Exclusion

    Posted Apr 19, 2012 12:38 PM

    I believe it is not possible. You can try the process exclusion if that might help.

     

    This may give you some information on executables.

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

    http://www.symantec.com/business/support/index?page=content&id=TECH104326

     

    Symantec Endpoint Protection Manager - Centralized Exceptions - Policies explained

    http://www.symantec.com/business/support/index?page=content&id=TECH104432



  • 3.  RE: Exception Policies - File Exclusion

    Posted Apr 19, 2012 12:40 PM

    Also if it is a tool developed by you, you can try to whitelist them.

    https://submit.symantec.com/whitelist/isv/

    Kindly note that this may take even few months to be shitelisted after all the testings. Exception is the option to go with for immediate workarounds.



  • 4.  RE: Exception Policies - File Exclusion

    Posted Apr 19, 2012 02:18 PM

    Try Exceptions policy settings.

    http://www.symantec.com/business/support/index?page=content&id=TECH176906



  • 5.  RE: Exception Policies - File Exclusion

    Posted Apr 19, 2012 03:36 PM

    This seems completely ludicrous to me that you cannot simply exclude an executable file regardless of it's locations! Even the old versions of Symantec would allow you to do this!

    Thanks for posting the links, I have reviewed all of the links you've posted above, but it does not address my issue. I'm looking for an authoritative YES or NO answer from Symantec. 



  • 6.  RE: Exception Policies - File Exclusion



  • 7.  RE: Exception Policies - File Exclusion

    Posted Apr 19, 2012 05:43 PM

    You must not be reading my posts. I've read all of these documents. 

    Per the TECH doc 183201 - Note: For File and Folder-based exclusions, the Full Path to the file must be specified, unless a "Prefix Variable" is selected. If a "Prefix Variable" is selected, the path specified should be relative to the selected "Prefix Variable" 

    I believe this is telling me that you cannot create a file exception without defining a file path and/or a prefix variable. So if I want to make an exception for "billybob.exe", which could potential reside anywhere on my volume, it wouldn't be possible. Is this the correct understanding? If so, I'm blown away and would like to hear the logic behind this capability not being provided in the software.

    Please only post a reply if you have a direct answer, because the article links above are no longer helpful.

    Thanks



  • 8.  RE: Exception Policies - File Exclusion

    Posted Apr 20, 2012 05:20 AM

    I understand the frustration. We also face similar issues at times.

    The answer is No. this is not possible.

    As mentioned earlier, did you try process exclusion?

     

    I cannot give you an answer about the logic behind this ability of SEP, that question should be directed to a Symantec engineer.