Exempt a folder from scanning not just risk detection...
Updated: 21 May 2010 | 5 comments
This issue has been solved. See solution.
Hello,
I'd like to ask if there is a way to stop SEP11 from scanning a folder at all (through Autoprotect and Scheduled Scans) instead of just stopping risk detection? It doesn't make sense to me to have SEP11 scan through a folder that you have decided you don't want risk alerts on. Also folders that have large size as well as a large number of compressed files like C:\MSOCache (and ones custom to certain depts) are causing a lot of scanning errors and because of their size are prolonging the scan time.
If, as I suspect, Centralized Exceptions can not do the above are there plans to include it?
discussion Filed Under:
Comments
Yes it is possible.BY Centralized exception itself!
We can add centralized exceptions for the same!!
>>How to add a Centralized Exception for a detection that is not included with Known Security Risk Exceptions in the Centralized Exception Policy.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008100706493648
>>Making exceptions using centralized exception policies in Symantec Endpoint Protection
http://service1.symantec.com/support/ent-security.nsf/docid/2008030423280248
>>Symantec Endpoint Protection Manager - Centralized Exceptions - Policies explained
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008032010550448
>>How to add a Security Risk Exception in the Endpoint Protection Manager
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121808365448
>>How to create an exception for a known valid process flagged by Proactive Threat Protection
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007120611022848
Cheers,
Shan.
Few More Links for your reference!!
Few more Links For your reference!
>>How to configure Tamper Protection in Symantec Endpoint Protection 11.0
http://service1.symantec.com/SUPPORT/ent-security....
>>How to create an exception for a specific risk that is not listed in the list of known risks on the Symantec Endpoint Protection Manager
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008092302060248
Cheers,
Shan.
Thats a nice message man
This is a very intresting one..
Centralised exception does it all
Once you have put an exception for a file or folder...no scan will scan those folders.
be it Scheduled,Active/Quick or Auto-protect.
Main reason for scanning error is when the Decompresser engine cannot extract a file like CAB ,TAR...password protected files..
But once you put it under centalised exception it wont scan it...
Tamper Protection does not do the scan ( So no need to put these files or folders under Tamper Protection exceptions )
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Centralized Exceptions...
Vikram,
I was going off of experiences reported to me by an app analyst, I'll try to get her scan logs to see if they support what been told. Thanks for the response.
My blog: http://www.scottfromsecurity.com/blog
Would you like to reply?
Login or Register to post your comment.