Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

Exclude directory or file in the users profile from scanning

Created: 20 May 2010 • Updated: 22 Jun 2010 | 11 comments
rfn's picture
This issue has been solved. See solution.

Hi,

We're using Kerio Connect mailserver that integrates with Outlook through Kerio Outlook Connector that is a piece of software that is installed on all our computers. This connector caches all mails, calendars and contacs in a database file called STORE.FDB and it's located in a folder in the users profile.

I would like to exclude this file or the whole directory that it's located in from scanning and I would of course prefer to create this exclusion from SEPM so that I don't have to walk around to all computers and create this exception for all users on the computers!

The challenge is that the file is stored in (on Windows 7) C:\Users\[username]\AppData\Local\Kerio\Outlook Connector\[some random numer\STORE.FDB. Can I specify something like %USERPROFILE%\AppData.... in the exception? If not then how do I do this?

We're running SEP 11.05.

Regards,
René Frej Nielsen

Comments 11 CommentsJump to latest comment

Rafeeq's picture

it wont work
its still under progress.
Note, March 2010: There is an Idea (Enhancement Request) in the forum for adding the ability to exclude Windows profiles. Customers who complain of the missing capability to exclude user profile files like ntuser.dat can be directed to that Idea, where they can add their vote constructively. 


What variables and wildcards does Endpoint Protection allow in Centralized Exception Policies


http://service1.symantec.com/support/ent-security.nsf/docid/2008093008072448

You can exclude just the file STORE.FDB using the above doc; no matter where its located; if exists will not be scanned :)

Koosah's picture

Just exclude the extension of the file since its specific to the mailstore

Symantec Technical Specialist

Please don't forget to mark which thread solved your issue!

SOLUTION
AravindKM's picture

No .Only first will work(The one with file extension..)

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

rfn's picture

But how do I do this then:

You can exclude just the file STORE.FDB using the above doc; no matter where its located; if exists will not be scanned :)

AravindKM's picture

I don't think without giving full path or valid variable it will work.You can confirm this with the below doc
How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.0

Create policy assign to one group and test it..

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Rafeeq's picture

Just exclude a single file ; excluding with extensions will exclude all the files with that extensions; the risk in high in the second case.

rfn's picture

I'm really happy for the many replies, but I'm still a bit confused about what will work, and what won't. I agree that exluding the whole extensions seems to be a risk, but if it's the only thing that will work, then it's ok in this situation.

I would rather exclude all files named STORE.FDB but since the box says "File (include full path)", then I guess it's not possible to just enter a filename without a path.

How do I check if the exception is working? Should I look at a log file on the client to see if it's skipping this file, and which log file would that be?

AravindKM's picture

Watching the log will be ideal I belive...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Koosah's picture

Excluding the extension is not a risk the extension is a database extension, when i make sql exclusions I exclude the extension.

Look at this doc towards the bottom it states "*As an option you could instead do file extension exceptions for .mdf, .ldf, and .ndf files instead of whole directories, especially for SQL servers with more than one database/instance."

 

Title: 'How to exclude MS SQL files and folders using Centralized Exceptions'
Document ID: 2008062709312848
> Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062709312848?Open&seg=ent

Symantec Technical Specialist

Please don't forget to mark which thread solved your issue!