Endpoint Protection

  • 1.  Excluding [%temp%\Test1] directory...

    Posted May 16, 2013 08:40 AM

    First off thanks for your help! I've been supporting our SEP environment (v12.1) now for about two months, so I'm quite new to this product.

    I'm struggling to find a solution regarding how to create an exception/exclusion rule (for all scans) for the [%temp%\Test1] directory. I'm working in a Windows 7 environment and have read that wild card characters are not properly read/applied during the exclusion process. That means "C:\Users\*\AppData\Local\temp" is out of the question.

    I do not believe I can just manually exclude the folder [%temp%\Test1] but maybe I'm wrong... I'm looking for a little direction/suggestions from the community. I do not believe excluding "C:\Users" from all scans is a reasonable idea and I'm hoping someone has an idea for me.

    Thanks!



  • 2.  RE: Excluding [%temp%\Test1] directory...

    Posted May 16, 2013 08:46 AM

    The problem is that there is no variable for the user profile so you need to add this exclusion for each user.

    Which would be C:\Users\<username>\AppData\Local\Temp\Test1



  • 3.  RE: Excluding [%temp%\Test1] directory...

    Posted May 16, 2013 08:53 AM

    Please don't take this as shooting the messenger but I need this exclusion applied to every profile so explicitly creating the exclusion like that just isn't an option.

    Does this seem limited to others or just me??? I've only used competitors' products in the past so I just assumed wild cards and variables were a given.

    Thanks for your input Brian!



  • 4.  RE: Excluding [%temp%\Test1] directory...

    Posted May 16, 2013 08:59 AM

    Understood and I feel your pain, believe me, but this option doesn't exist currently. Multiple enhancement ideas were created for it. See here:

    https://www-secure.symantec.com/connect/search/apachesolr_search/user%20profile%20variable?filters=type%3Aidea%20tid%3A691



  • 5.  RE: Excluding [%temp%\Test1] directory...

    Posted May 16, 2013 12:57 PM

    Current versions of SEP do not support exclusions on users' profiles per %userprofile% wildcard or similar - you would need to exclude each specific user profile folder separately - providing the full path to it. Have a look at the articles below to check what prefix folder variables are supported in SEP for exclusions:

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

    Article:TECH183201  |  Created: 2012-03-07  |  Updated: 2012-09-13  |  Article URL http://www.symantec.com/docs/TECH183201

    Which variables and wildcards does Endpoint Protection allow in Centralized Exception Policies?

    Article:TECH106068  |  Created: 2008-01-30  |  Updated: 2013-02-28  |  Article URL http://www.symantec.com/docs/TECH106068

     

    Glossary of File/Folder Prefix Variables

    | NAME OF PREFIX | Description |
    |---|---|
    | PROGRAM_FILES_COMMON | A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files |
    | SYSTEM | The Windows System folder. A typical path is C:\Windows\System32 or C:\WINNT\System32 |
    | COMMON_PROGRAMS | The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs |
    | COMMON_DOCUMENTS | The file system folder that contains documents that are common to all users. A typical path is C:\Documents and Settings\All Users\Documents |
    | PROGRAM_FILES | The Program Files folder. A typical path is C:\Program Files |
    | COMMON_DESKTOPDIRECTORY | The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop |
    | WINDOWS | The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows or C:\WINNT |
    | COMMON_APPDATA | The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data |
    | COMMON_STARTUP | The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup |
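
The per-profile workaround from post 2 can be prepared and audited with a script. The PowerShell below is an added example, not part of the thread and not Symantec code: it reads the local profile list from the registry, builds the `Test1` path for each profile, and compares the result with the exclusions already entered in the policy. It assumes the default `%TEMP%` location under each profile; `$configured` is constructed sample data and the function names are hypothetical.

```powershell
# Added example. Assumes %TEMP% = <profile>\AppData\Local\Temp (the Windows 7 default).
$relative   = 'AppData\Local\Temp\Test1'
$profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Constructed sample: exclusion paths already present in the exceptions policy.
$configured = @(
    'C:\Users\alice\AppData\Local\Temp\Test1',
    'C:\Users\formeremployee\AppData\Local\Temp\Test1'
)

function Get-ProfileExclusionPath {
    param([string]$KeyPath, [string]$RelativePath)
    # Each subkey is a SID; S-1-5-21-* skips the built-in service accounts.
    Get-ChildItem -Path $KeyPath |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
        ForEach-Object {
            $root = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
            if ($root) { Join-Path $root $RelativePath }
        }
}

function Compare-ExclusionList {
    param([string[]]$Expected, [string[]]$Configured)
    # -notcontains compares strings case-insensitively, matching Windows path rules.
    $missing = @($Expected   | Where-Object { $Configured -notcontains $_ })
    $stale   = @($Configured | Where-Object { $Expected   -notcontains $_ })
    New-Object PSObject -Property @{ Missing = $missing; Stale = $stale }
}

$expected = @(Get-ProfileExclusionPath -KeyPath $profileKey -RelativePath $relative)
$result   = Compare-ExclusionList -Expected $expected -Configured $configured

'Profiles with no exclusion yet (add these full paths to the policy):'
$result.Missing | ForEach-Object { "  $_" }
'Exclusions with no matching local profile (candidates for removal):'
$result.Stale | ForEach-Object { "  $_" }
```

The registry only lists profiles on the machine where the script runs, so the comparison is per client. Removing stale entries keeps the set of unscanned paths as small as the workaround allows.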