Endpoint Protection

 View Only

  • 1.  Exceptions

    Posted Mar 13, 2013 09:32 PM

    Hi Guys,

    Is it possible that in one server group I have contrasting exception rules?

    Ex. One rule to scan the windows\temp folder and another rule to not scan the windows\temp example in the default groups

    Or 

    on the default group, i didn't make exclude the windows\temp folder to be scanned then made a subgroup with exception to scan windows\temp folder.

    Who will take effect?



  • 2.  RE: Exceptions

    Posted Mar 13, 2013 09:39 PM

    You would need to create separate groups and apply a different policy for each.

    If you make a subgroup from the default group, in order for the policy to take affect, break inheritance on the subgroup and create a new policy and assign the new policy to only the subgroup.

    Disabling and enabling a group's inheritance

    Article:HOWTO55441  |  Created: 2011-06-29  |  Updated: 2011-12-17  |  Article URL http://www.symantec.com/docs/HOWTO55441

     



  • 3.  RE: Exceptions

    Posted Mar 13, 2013 09:49 PM

    Hi Jaredirk

     

    Definitely you will face issues and its not a best practise to have contrasting rules for the same group.

Ex. One rule to scan the windows\temp folder and another rule to not scan the windows\temp example in the default groups

     

    on the default group, i didn't make exclude the windows\temp folder to be scanned then made a subgroup with exception to scan windows\temp folder.

     

    Yes it is possible if you break the inheritance as Brian suggested. you can create multiple groups & subroups & assign different policyto each group. It will work. 



  • 4.  RE: Exceptions

    Posted Mar 14, 2013 01:56 AM

    at any point of time, a client can report to only one group.

    policies are applied to groups. what you trying to do will never happen on any clients.