
Exceptions using a Prefix - SEP 12.1

Created: 30 Mar 2012 | 9 comments
JRS17's picture

If SQL server was installed on many different drive letters across an environment (i.e. C:\, D:\, E:\, etc.), can I use the prefix [Program Files] and then the specified path, so that SEP excludes that location across any drive? 

 

For example, creating an exception using:

Prefix: [Program Files] File: Microsoft SQL Server\MSSQL\

Would this configuration exclude this folder from scanning C:\Program Files\Microsoft SQL Server\MSSQL\ AND D:\Program Files\Microsoft SQL Server\MSSQL\ AND E:\Program Files\Microsoft SQL Server\MSSQL\ and so on... and so on...

Thank you!


Ted G.'s picture

The prefix variable always assumes the C:\ drive.

Beppe's picture

variables can be customized

Regards,

Giuseppe

Ted G.'s picture

Not in SEP, which is what he was asking. Sure, you can change your system variables on the computer but that could affect other programs that use those variables.

Beppe's picture

Please, note that the variables on SEP are referring to the variables in the computer:

[program files] in SEP = %programfiles% in the system

Regards,

Giuseppe

Beppe's picture

Hi,

Yes, you can use the prefix variables in SEPM but the result depends on the value of the variable in your systems.

If you have:

in system A
SQL installed on C:\Program Files\SQL
and %programfiles%=C:\Program Files
 

in system B
SQL installed on D:\Program Files\SQL
and %programfiles%=D:\Program Files
 

the exclusion %programfiles%\SQL works on both A and B.

If in system B you have:
SQL installed on D:\Program Files\SQL
but %programfiles%=C:\Program Files

the exclusion %programfiles%\SQL does not work on B because it reads C:\Program Files\SQL which is not correct for B.

To check on the fly the value of a variable on a given system, just enter it in Start > Run...

 

Regards,

Giuseppe
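
The check described in the post above, as an added example that is not part of the original thread or Symantec's own tooling: a PowerShell script run on one host that resolves %programfiles%, then reports whether each copy of the folder under `<drive>:\Program Files\` is covered by a [Program Files] prefix exclusion. It uses only Windows environment and filesystem calls; the `$RelativePath` default is taken from the question and the `<drive>:\Program Files\` layout is an assumption.

```powershell
# Added example: does a "[Program Files] + relative path" exclusion cover
# every copy of the folder that exists on this host's fixed drives?
# Assumption: installs live under "<drive>:\Program Files\" as in the question.
# Run from a 64-bit session; a 32-bit one sees the "(x86)" folder instead.
param(
    # Relative path entered in the exception's "File" field (from the question).
    [string]$RelativePath = 'Microsoft SQL Server\MSSQL'
)

# Per the thread, the prefix resolves to the host's %programfiles% value.
$resolved = Join-Path $env:ProgramFiles $RelativePath

# Fixed, mounted local drives only (e.g. C:\, D:\, E:\).
$drives = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }

$results = foreach ($drive in $drives) {
    $candidate = Join-Path (Join-Path $drive.Name 'Program Files') $RelativePath
    if (Test-Path -LiteralPath $candidate -PathType Container) {
        [pscustomobject]@{
            Folder  = $candidate
            # Windows paths are case-insensitive, so compare with -ieq.
            Covered = ($candidate.TrimEnd('\') -ieq $resolved.TrimEnd('\'))
        }
    }
}

"Prefix resolves to: $resolved"
if (-not $results) {
    "No copy of '$RelativePath' found under Program Files on any fixed drive."
} else {
    $results | Format-Table -AutoSize
    $missed = @($results | Where-Object { -not $_.Covered })
    if ($missed.Count -gt 0) {
        # These folders would still be scanned despite the prefix exception.
        Write-Warning "$($missed.Count) folder(s) are outside the prefix exclusion."
    }
}
```

A folder listed with `Covered = False` matches system B's second case in the post: SQL is on one drive while %programfiles% points to another, so that path would need its own exception.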

NRaj's picture

Voted up. That is really something I needed to know.

Mithun Sanghavi's picture

Hello,

This completely depends on the location where MS SQL data files (.mdf, .ldf, and .ndf files) are stored on the MS SQL servers in your organization.

Check this Article, which explains -

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/docs/TECH183201

How to exclude MS SQL files and folders using Centralized Exceptions

http://www.symantec.com/docs/TECH105240

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

dionlbc's picture

Can someone help me understand how I can create an exception for a filename regardless of the location? I can't get a clear answer on this, as it seems that all files require a prefix or path. We have an internally developed debug executable that is being quarantined, but it often resides in a wide variety of folder locations, drive letters, volumes, etc. It will not allow me to create an exception for the risk itself.

 

Thanks!

Beppe's picture

Hi,

is your application quarantined by the AV or the PTP?

If AV, contact the tech support service to submit the file as false positive;

if PTP, create a PTP exception, it works differently than AV exceptions, view the Help for more info.

Regards,

Giuseppe