Video Screencast Help

Exclusion

Created: 11 Mar 2013 • Updated: 20 Mar 2013 | 14 comments
Jaredirk's picture
This issue has been solved. See solution.

Hi guys!

I would like to ask a few questions:

1. On the folder and file excluions, do I need to type the exact location?

O can i use the folder or filename already.

Example Temp folder or tmp.edb file?

2. On the program files, windows or system exclusions, I assume that they use the C drive location.

What if the location is on E or F. will this excluions work or I have now to specify the entire path?

3. Some microsoft exclusions has a "*" symbol on the file, how do I put it or interpret that?

Ex. Ntfrs*.*

4. Is the excluions dependent on the file or folder name? I'm talking if it doesn't matter if I include them in either uppercase or lowercase?

Ex. Is Windows\Temp can also be recognized as Windows\TEMP on the console? 

Operating Systems:

Comments 14 CommentsJump to latest comment

Rafeeq's picture

These are the wild cards supported.

 

Exclusions and Wildcards - Symantec Endpoint Protection (SEP) Clients have them and the Symantec Endpoint Protection Manager (SEPM) does not.

 

http://www.symantec.com/business/support/index?pag...

Rafeeq's picture

 

1. On the folder and file excluions, do I need to type the exact location?

O can i use the folder or filename already.

Example Temp folder or tmp.edb file?

-> you can exclude the entire folder or just a file inside the folder.

 

 

2. On the program files, windows or system exclusions, I assume that they use the C drive location.

What if the location is on E or F. will this excluions work or I have now to specify the entire path?

-> other than OS drive you need to specifiy the exact path.

3. Some microsoft exclusions has a "*" symbol on the file, how do I put it or interpret that?\

 

--> * and ? are not supported in Symantec. You can specify all the files individually

from MS * means NTDS.dit or ntds.pat

Edit: For AD and EXchange these exclusions are automatically created during installation. Here is the document

http://www.symantec.com/business/support/index?pag...

 

4. Is the excluions dependent on the file or folder name? I'm talking if it doesn't matter if I include them in either uppercase or lowercase? 

---> upper or lower case does not matter.

John Santana's picture

hi Rafeeq,

So does the exception policy will be created automatically in the client when the SEP is installed on AD DC servers, Exchange and SQL server ?

Kind regards,

John Santana
IT Professional

--------------------------------------------------

Please be nice to me as I'm newbie in this forum.

Jaredirk's picture

Thanks for the swift answer

heres my follow question:

1. Im thinking for example, If i put Temp on the folder exclusions; I assume that all folders with Temp will be excluded regardless of drive since my variable is set to NONE.

4. So It also doesn't follow even the combination of upper case and lower case letters on the original from the SEP console?

Rafeeq's picture

1) it you do not select the prefix variable it will be from everywhere.

Edit:https://www-secure.symantec.com/connect/forums/security-risk-file-exceptions-no-prefix-variable-means-any-instance-file

http://www.symantec.com/business/support/index?pag...

I will double check on this and will get back to you ; just to be sure. :)

2) its windows limitiation is windows Folder and FOLDER are one and the same

Jaredirk's picture

If I have to exlcude Filetable*, it means I have to manually input any folders after Filetable?

Like Filetable1, Filetable2 and so forth?

Jaredirk's picture

Ex, exclude *.xml files in Temp folder, how to interpret this?

Rafeeq's picture

Yes, in Symantec only ? is supported for Extensions. Ex.

Folder.?xe  , will exclude Folder.Axe, Folder.Bxe, Folder.Cxe..and so on

but * is not supported for File names. you add to add them manually :) 

Jaredirk's picture

Is ? applicable to folder or file names?

Rafeeq's picture

its applicable  Only to Extensions. 

 

SOLUTION
Jaredirk's picture

In file exceptions, can i just input the file name or the whole path where the file is located?

Same with folder exceptions, if i can just type the folder without entering the whole path where it is located.

Jaredirk's picture

Hello, how do I interpret this?

 

%AllUsersProfile%\Ntuser.pol 
%UserProfile%\Ntuser.pol
Jaredirk's picture

If there are many profiles with the ntuser.pol file then I have to add them manually?

Ex.

C:\Users\Jay\Ntuser.pol

C:\Users\Karen\Ntuser.pol

 

or can i use this:

C:\Users\Default\Ntuser.pol

C:\Users\All Users\Ntuser.pol

 

so regardless of who logged on the machine?

followup:

---> In file exceptions, can i just input the file name or the whole path where the file is located?

Same with folder exceptions, if i can just type the folder without entering the whole path where it is located.

especially it is located on differenr locations

reference: https://www-secure.symantec.com/connect/forums/security-risk-file-exceptions-no-prefix-variable-means-any-instance-file