
Exclusions explanation

Created: 10 Sep 2013 | 8 comments

Hello everyone. Could someone explain the difference between folder exclusion and file exclusion? What I'm confused about is the note in this article: http://www.symantec.com/business/support/index?page=content&id=TECH105240&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1378802577244p9p6nJX36Gw61bE093Bp87F0E95Bhxr4XGc2H

 

Note: It is necessary to exclude the folders containing these files for maximum effectiveness. Folder based exclusions are processed before AutoProtect or scheduled scans access a file where file name or extension based exclusions are processed after the scan happens.

 

Do I understand correctly that a file defined in an exclusion will still be scanned by the AutoProtect real-time scan or a scheduled scan? So no matter whether I define the file, the scan will still touch it on the machines and bring additional load? Thank you.


Mithun Sanghavi's picture

Hello,

When the Folder Exclusions are created, AutoProtect or scheduled scans would exclude all the files within the folder from scanning.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

Right, if it's a folder exclusion, scans / AP will not touch it.

If a file is excluded, scans / AP will touch it, but no action is taken as it's excluded. When it comes to performance, folder exclusion is needed.

Edoksus's picture

Thanks. So even the:

...where file name or extension based exclusions are processed after the scan happens.

is not correct? You say no action is taken, but I understand the note as: the scan will be executed on the file normally (as if there were no exclusion), but after that no action will be taken (quarantine, reporting, etc.). So basically the file exclusion is useless for performance-type settings, such as excluding pagefile.sys, etc.

Mithun Sanghavi's picture

Hello,

If I am not mistaken, it should be "whereas file name or extension based exclusions are processed after the scan happens."

Let me come back to you on this.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


Rafeeq's picture

Let's imagine you have excluded a folder C:\Program files\SQL and a file C:\program files\Folder\Something.exe

The scheduled scan is at 10:00 PM.

1) Since folder-based exclusions are processed first, the SQL folder will not be touched at all.

2) Coming to the file exclusion: for

C:\program files\Folder\Something.exe

it will scan the something.exe first, then it will compare whether to leave it alone or take action; it's excluded, so it will leave it.

That's why excluding a file is like scanning and then excluding.

Excluding a folder is no scanning at all (AFAIK this is what happens).

Edoksus's picture

Thank you for the answer. Do you know of, or have you seen, any comparison of the performance impact on the server when pagefile.sys is excluded with a file exclusion, and so is still being scanned by the real-time scan?

AjinBabu's picture

Hi,

Exclude a file from virus and spyware scans

Supported on Windows and Mac clients.

Excludes a file from virus and spyware scans.

Note:

File exceptions do not apply to SONAR. To exclude a file from SONAR, use an application exception.

Exclude a folder from scans

Supported on Windows and Mac clients.

Excludes a folder from virus and spyware scans, SONAR, or all scans on Windows clients. You can also exclude a folder from virus and spyware scans on Mac clients.

 

Regards

Ajin