Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Exception rules

Created: 13 Mar 2013 | 11 comments
Jaredirk's picture

If there are many profiles with the ntuser.pol file then I have to add them manually?

Ex.

C:\Users\Jay\Ntuser.pol

C:\Users\Karen\Ntuser.pol

or can i use this:

C:\Users\Default\Ntuser.pol

C:\Users\All Users\Ntuser.pol

so regardless of who logged on the machine?

followup:

---> In file exceptions, can i just input the file name or the whole path where the file is located?

Same with folder exceptions, if i can just type the folder without entering the whole path where it is located.

especially it is located on differenr locations

reference: https://www-secure.symantec.com/connect/forums/security-risk-file-exceptions-no-prefix-variable-means-any-instance-file

Also,

in folder exclusions:

my client gave me this format:

ex. windows\temp\

is this in symantec: %windows%\temp

and can be also: %windows%\TemP or %windows%\TEMP

Operating Systems:

Comments 11 CommentsJump to latest comment

Rafeeq's picture

it has to be added to all the users individually

have a look at this discussion.

https://www-secure.symantec.com/connect/forums/av-...

 whatever is between % will be termed as windows variables.

For Mac you need to use / ( forward slash) if you are doing for Windows it should be back slash(\)

TEMP or temp or TeMp or tEmP they all are one and the same.

http://www.symantec.com/business/support/index?pag...

Chetan Savade's picture

Hi,

Check this article: Excluding a file or a folder from scans

http://www.symantec.com/docs/HOWTO55205

Check this article as well: Creating exceptions for Symantec Endpoint Protection

http://www.symantec.com/docs/HOWTO55204

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Jaredirk's picture

HI Rafeeq,

So to interpret windows\temp\

In SEP exclusions, what this should be:

%WINDOWS%\temp, %WINDOWS%temp,%WINDOWS%\temp\, %WINDOWS%temp\

Jaredirk's picture

Also,

I want to verify the information on this link:

https://www-secure.symantec.com/connect/forums/sec...

It says that you can exclude the file that is common to a lot of locations by just entering the file name without putting the exact location.if I use the NONE variable.

Would also be applicable to folder exclusions? like i'll just type temp since temp folder can be found in many areas? 

I'm confused because in this article:

http://www.symantec.com/business/support/index?pag...

If you use the NONE variable, exact path should be used.

Rafeeq's picture

it should be %windows%temp it will add \ ( i'm unable to get that discussion)

 check the same in registry

  • On 32-bit computers, see HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions.

  • On 64-bit computers, see HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions.

I'm unable to check this as I do not have test machine as of now. 

.Brian's picture

This KB explains it

Using Prefix Variables for Security Risk Folder Exceptions in your Centralized Exceptions Policy.

Article:TECH92938  |  Created: 2009-01-18  |  Updated: 2009-01-18  |  Article URL http://www.symantec.com/docs/TECH92938

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jaredirk's picture

HI Brian/Rafeeq:

So after the variable, i did not have to put this format on the space beside it:

\Temp

but shoud be

Temp

Other example:

C:\Program Files\Microsoft folder

So in the SEP exclusions this should be interpreted as:

%PROGRAM_FILES%    Microsoft

not %PROGRAM_FILES%    \Microsoft

am i correct?

.Brian's picture

When using the variable, it doesn't matter if you use the backslash \ or not. It will work either way.

If you don't use the variable, than you do need to use the backslash \

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jaredirk's picture

Also If I want to exclude the whole drive, would that be D:\ or D: using the NONE variable?

.Brian's picture

D:\

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jaredirk's picture

How about this:

%PROGRAM_FILES%   \Microsoft, \Adobe

or

%NONE%   D:\, E:\