Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

Exclude a file with no fixed path

Updated: 21 May 2010 | 5 comments
JimFCL's picture
JimFCL
0 0 Votes
Login to vote

I have a file which I need to exclude by adding a centralized exception.

The file happens to be classed as a hacktool, but it is a very useful hacktool (and I am happy to have it and run it on my system),I need to be able to use it, the problem excluding it is that it has no fixed path, as it is not an installed programme rather a standalone executable and can be run from wherever I put it so adding a 'full path' exclusion is not possible.

Effectively what I need to do is exclude filename1.exe regardless of location.  At present when specifying a file you have to specify the full path and you cannot include a wildcard such as * (stars are not accepted) to indicate any path and although I can input stars when excluding a folder it doesnt seem to work.

Server 11.0.5002.333
Client 11.0.5002.333

Does anybody know if it is even possible to do this?

Thanks,

Jim

discussion Filed Under:
, , ,

Comments

Aniket Amdekar's picture
30
Oct
2009
0 Votes 0
Login to vote
Aniket Amdekar

Hi, Please follow the steps

Hi,

Please follow the steps below:

  1. Click the Monitors view.
  2. Under the Logs tab, change the Log Type to Risk.
  3. Click the View Log button to open the Risk Logs page.
  4. Select the risk you want to exclude.
  5. From the Action drop-down list, select Add Risk to Centralized Exceptions Policy, then click Start.
  6. Select the blank policy you created, and click OK.

Aniket

AravindKM's picture
30
Oct
2009
0 Votes 0
Login to vote
AravindKM

First you find out the

First you find out the checksum value of that file add it to exclutions list
Below doc can help you in this(Actually the doc for for blocking But you can do a small modification and use for allow)
http://service1.symantec.com/SUPPORT/ent-security....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

JimFCL's picture
30
Oct
2009
0 Votes 0
Login to vote
JimFCL

Hi Aniket, That would just

Hi Aniket,

That would just add the path of the current location/machine if you have two hundred machines with 200 users running the file from ten different places I would end up adding one hell of a lot of exclusions for effectively the same file!

Hi Aravind,

It sounds like you're along the right lines (although it's not obvious how to exclude by hash value) however that URL posted doesn't seem to work.  I've done a search in the knowledgebase with no luck so far.

If it's possible to do so, would adding the filename into the Security Risk Exceptions -> Known Risks solve it?

Any further info is appreciated.

Thanks for the replies.

Jim

AravindKM's picture
30
Oct
2009
0 Votes 0
Login to vote
AravindKM

Refer the

Refer the discussion

http://www.symantec.com/connect/forums/how-block-applications-sep-using-md5

and the solution of

https://www-secure.symantec.com/connect/forums/ultrasurf#comment-2504141

 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

AravindKM's picture
30
Oct
2009
0 Votes 0
Login to vote
AravindKM

The above discussions also

The above discussions also about blocking a particular file .While creating the policy in the action to be taken you select as allow and try 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
259,054