Endpoint Protection

 View Only

  • 1.  Exceptions using a Prefix - SEP 12.1

    Posted Mar 30, 2012 04:25 PM

    If SQL server was installed on many different drive letters across an environment (i.e. C:\, D:\, E:\, etc.), can I use the prefix [Program Files] and then the specified path, so that SEP excludes that location across any drive? 

     

    For example, creating an exception using:

    Prefix: [Program Files] File: Microsoft SQL Server\MSSQL\

    Would this configuration exclude this folder from scanning C:\Progam Files\Microsoft SQL Server\MSSQL\ AND D:\Progam Files\Microsoft SQL Server\MSSQL\ AND E:\Progam Files\Microsoft SQL Server\MSSQL\ and so on... and so on...

    Thank you!



  • 2.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Mar 30, 2012 05:31 PM

    The prefix variable always assumes the C:\ drive.



  • 3.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Mar 31, 2012 05:25 AM

    variables can be customized



  • 4.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Mar 31, 2012 05:38 AM

    Hi,

    yes, you can use the prefix variables in SEPM but the result depends by the value of the variable in your systems.

    If you have:

    in system A
    SQL installed on C:\Program Files\SQL
    and %programfiles%=C:\Program Files
     

    in system B
    SQL installed on D:\Program Files\SQL
    and %programfiles%=D:\Program Files
     

    the exclusion %programfiles%\SQL works on both A and B.

    If in system B you have:
    SQL installed on D:\Program Files\SQL
    but %programfiles%=C:\Program Files

    the exclusion %programfiles%\SQL does not work on B because it reads C:\Program Files\SQL which is not correct for B.

    To check on the fly the value of a variable on a given system, just enter it in Start > Run...


     



  • 5.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Apr 02, 2012 11:38 AM

    Not in SEP, which is what he was askng. Sure, you can change your system variables on the computer but that could affect other programs that use those variables.



  • 6.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Apr 02, 2012 12:02 PM

    Voted up. That is really something in needed to know.



  • 7.  RE: Exceptions using a Prefix - SEP 12.1

    Trusted Advisor
    Posted Apr 02, 2012 12:19 PM

    Hello,

    This completely Depends on the location where MS SQL data files (,mdf, .ldf, and .ndf files) are stored on the MS SQL servers in your organization.

    Check this Article, which explains -

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

    http://www.symantec.com/docs/TECH183201

    How to exclude MS SQL files and folders using Centralized Exceptions

    http://www.symantec.com/docs/TECH105240

    Hope that helps!!


  • 8.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Apr 05, 2012 11:21 AM

    Please, note that the variables on SEP are referring to the variables in the computer:

    [program files] in SEP = %programfiles% in the system



  • 9.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Apr 18, 2012 06:13 PM

    Can someone help me understand how I can create an exception for a filename regardless of the location? I can't get a clear answer on this, as it seems that all files require a prefix or path. We have a internally developed debug executable that is being quarantined, but it often resides in a wide variety of folder locations, drive letters, volumes, etc. It will not allow me to create an exception for the risk itself.

     

    Thanks!



  • 10.  RE: Exceptions using a Prefix - SEP 12.1

    Posted Apr 21, 2012 09:55 AM

    Hi,

    is your application quarantined by the AV or the PTP?

    If AV, contact the tech support service to submit the file as false positive;

    if PTP, create a PTP exeption, it works differently than AV exeptions, view the Help for more info.