
FileExceptions vs NoScanDir registry keys

Created: 24 Jun 2010 | 2 comments
Doug Mortensen
What is the functional difference between these keys found in the registry under the SEP Exclusions? Does one apply to scans, and the other auto-protection?
 
Thanks,
-
Doug Mortensen
Impala Networks

2 Comments

Ryan_Dasso

I may be wrong, but I believe FileExceptions is for file exceptions and NoScanDir is for folder exceptions.

AravindKM

9. Exclusion – Centralized Exceptions

32 bit

i. Security Risk Exceptions

User Defined Exceptions

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ClientRiskExceptions

Lock: 0 means the client can create Centralized Exceptions for Known Security Risks; 1 means this option is locked by the administrator in SEPM.

Under ClientRiskExceptions\1234567890 (normally a 10-digit numerical folder) you will find the Known Security Risk exceptions created by the users.

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\AdminRiskExceptions

Under AdminRiskExceptions\1234567890 (normally a 10-digit numerical folder) you will find the Known Security Risk exceptions created by the Admin from SEPM.

ii. Proactive Threat Protection Exclusions

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\HeuristicScanning\FileHash

\Client\ 0728bd2bb1774b9728f60d33bc1f95172374e950 - (The long hexadecimal numbers point to the file hash for the excluded file) - For the exclusions created by the user.

\Admin\ 0728bd2bb1774b9728f60d33bc1f95172374e950 - (The long hexadecimal numbers point to the file hash for the excluded file) - For exclusions made by Admin from SEPM.

Same with Directory, Files and Folder Exclusions

iii. Directory

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory

\Admin and \Client

iv. Files

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\FileName

\Admin and \Client

v. Extensions

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Extensions\

\Admin and \Client

vi. Symantec also excludes its own Embedded Database from scanning

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Symantec Embedded Database\FileExceptions

Out.log, Sem5.log and Sem5.db are excluded.

vii. To verify Exchange Server exclusions on a 32-bit system

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Exchange Server

\FileExceptions and \NoScanDir

On a 64-bit system

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

\FileExceptions and \NoScanDir

Ref: Symantec Endpoint Protection – Few Registry Tweaks.

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
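
The key layout listed in the answer above can be walked with a read-only script to review which exclusions are set on a client and whether they sit under an Admin (SEPM) or Client (user) key. This is an added example, not part of the original thread or Symantec's tooling; the function names `Get-SepExclusion` and `Get-SepExclusionOrigin` are hypothetical, and since the thread does not describe the values stored under each key, the script reports whatever it finds.

```powershell
# Added example: read-only audit of the SEP exclusion keys listed in this thread.
# The two root paths are taken from the thread (32-bit and 64-bit locations).
$roots = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions'
)

function Get-SepExclusionOrigin {
    param([string]$RelativePath)
    # Map the sub-key names given in the thread to who created the exclusion.
    switch -Regex ($RelativePath) {
        '(^|\\)(Admin|AdminRiskExceptions)(\\|$)'   { return 'Admin (SEPM)' }
        '(^|\\)(Client|ClientRiskExceptions)(\\|$)' { return 'Client (user)' }
        default                                      { return 'Other' }
    }
}

function Get-SepExclusion {
    param([string[]]$Root = $roots)
    foreach ($r in $Root) {
        # Only one of the two roots normally exists, depending on OS bitness.
        if (-not (Test-Path -LiteralPath $r)) { continue }
        $keys = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            # Path relative to ...\AV\Exclusions, e.g. ScanningEngines\Directory\Admin
            $rel    = $key.Name -replace '^.*?\\AV\\Exclusions\\?', ''
            $origin = Get-SepExclusionOrigin $rel
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Root = $r; SubKey = $rel; Origin = $origin
                    Name = $name; Value = $key.GetValue($name)
                }
            }
            # A leaf key with no values may itself be the entry
            # (for example a file-hash key under HeuristicScanning\FileHash).
            if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) {
                [pscustomobject]@{
                    Root = $r; SubKey = $rel; Origin = $origin
                    Name = '(key only)'; Value = $null
                }
            }
        }
    }
}

Get-SepExclusion | Sort-Object Origin, SubKey | Format-Table -AutoSize -Wrap
```

Comparing this output across clients, or against the policy defined in SEPM, makes unexpected Client-origin entries stand out.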