Endpoint Protection

 View Only

  • 1.  Exclusions explanation

    Posted Sep 10, 2013 04:50 AM

    Helo everyone. Could someone explain how the exclusions difference between folder exclusion and file exclusion? What I'm confused about is the note in this article: http://www.symantec.com/business/support/index?page=content&id=TECH105240&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1378802577244p9p6nJX36Gw61bE093Bp87F0E95Bhxr4XGc2H

     

    Note: It is necessary to exclude the folders containing these files for maximum effectiveness. Folder based exclusions are processed before AutoProtect or scheduled scans access a file where file name or extension based exclusions are processed after the scan happens.

     

    Do I understand correctly that file defined in exclusion will still be scanned by autoprotect realtime or schedulled scan? So no matter I define the file, scan will still touch it on the machines and bring additional load? Thank you.



  • 2.  RE: Exclusions explanation

    Trusted Advisor
    Posted Sep 10, 2013 05:08 AM

    Hello,

    When the Folder Exclusions are created, AutoProtect or scheduled scans would exclude all the files within the folder from scanning.

    Hope that helps!!



  • 3.  RE: Exclusions explanation

    Posted Sep 10, 2013 05:50 AM

    Right, if its folder exclusions scans / ap will not touch it

    file is excluded scans/ ap will touch but no action taken as its excluded. when it comes to performance, folder exclusion is needed.



  • 4.  RE: Exclusions explanation

    Posted Sep 10, 2013 06:02 AM

    Thanks. So even the:

    ...where file name or extension based exclusions are processed after the scan happens.

    is not correct? You say no action is taken, but I do understand the note as - the scan will be executed on the file normally (like there's no exclusion) but after that no action will be taken - quarantine, reporting etc. So basically the file exclusion is useless in performance like settings - excluding pagefile.sys etc...



  • 5.  RE: Exclusions explanation

    Posted Sep 10, 2013 07:00 AM

    lets imagine you have excluded a folder C:\Program files\SQL and  a file C:\program files\Folder\Something.exe

    Scheduled scan is at 10:00 PM.

    Since Folder based exclusions are processed first 

    SQL folder will not be touched at all.

    2) coming to file exclusion. for

    C:\program files\Folder\Something.exe

    it will scan  the something.exe first then it will compare wheater to leave it alone or take action , its excluded so it will leave it.

    Thats why excluding file is like scanning and then excluding.

    excluding Folder is no scanning at all..( AFAIK this is what happens) 

     

     

     

     

     

     



  • 6.  RE: Exclusions explanation

    Posted Sep 10, 2013 07:08 AM

    HI,

    Exclude a file from virus and spyware scans

    Supported on Windows and Mac clients.

    Excludes a file from virus and spyware scans.

    Note:

    File exceptions do not apply to SONAR. To exclude a file from SONAR, use an application exception.

    Exclude a folder from scans

    Supported on Windows and Mac clients.

    Excludes a folder from virus and spyware scans, SONAR, or all scans on Windows clients. You can also exclude a folder from virus and spyware scans on Mac clients.

     

    Regards

    Ajin



  • 7.  RE: Exclusions explanation

    Trusted Advisor
    Posted Sep 10, 2013 07:12 AM

    Hello,

    If I am not mistaken, it should be "whereas file name or extension based exclusions are processed after the scan happens."

    Let me come back to you on this.



  • 8.  RE: Exclusions explanation

    Posted Sep 11, 2013 03:11 AM

    Thank you for answer. Do you know or have seen any comparison of performance impact on the server, when having pagefile.sys excluded with file exclusion, so being scanned by real time scan?



  • 9.  RE: Exclusions explanation

    Posted Sep 11, 2013 03:57 AM

    Never got a chance...:)