One easy way to see if your Centralized Exceptions are applied to your client is to open up the registry and see if they are listed under our exclusions.

This document should show you where to check:

Title: 'How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory'
Document ID: 2008090512574448
> Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008090512574448?Open&seg=ent

Hope that helps!

Thanks for the quick response.  I don't have direct access to the servers so I will have the sysadmin check it out.

Thanks again,

One easy way to see if your Centralized Exceptions are applied to your client is to open up the registry and see if they are listed under our exclusions.

This document should show you where to check:

Title: 'How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory'
Document ID: 2008090512574448
> Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008090512574448?Open&seg=ent

Hope that helps!

http://myitforum.com/cs2/blogs/rtrent/archive/2008/07/07/guidelines-for-anti-virus-exclusions-for-microsoft-applications.aspx 

FWIW,

Ray

Another way to test the exclusions are with an anti-malware test file.
You can download an anti-malware test file (it is inoffensive) from www.eicar.org.
For example download the .zip sample and save it in a folder that should not be scanned, then try to unzip the sample and see if it is allowed or blocked by the AV.
In another folder the sample will be detected and removed.

Cheers,

The registry check showed what the exclusion settings are on the local client.

Shouldn't their be an entry in a scan log that states what folders and files are being excluded?????

Thanks Ray, for the document pointer, but I already have this document.  It was a good place to start when you don't know where to start.  I used some and I had to customize based on how the enviroment was setup.  Different drive letters, different folder locations...etc.

Still working on finding the optimal setup.  We definitely don't want corrupt, crash, or lock anything to do with our databases.  But we also don't want it to take 3 days to scan a server either.

The Eicar file idea should work and I'll keep that in mind.

I really just want the product to tell me what it is or is not doing.

I don't believe that the scan logs say anything about files ommited due to exceptions.  We omit some directories on one of our servers and I remember ever seeing anything to that effect.  I know I was curious as to if it was working correctly and the Symantec tech showed me where to find the registry key which shows what is being excluded.  I just assumed that it was working after seeing the key.  It is odd that it does list the files it can't access as scan omissions though.

We just looked at the registry settings on an Exchange Server which I also created a Centralized exceptions policy to exclude certain folders.

At what point would the settings from the Centralized exception policy be written into the registry?

What if the policy said to exclude R:\  but on that particular server there was no R:  ?  Would the exclusion still be written into the registry?

I stumbled on it.

Here is the locatin in the registry where you can see the centralized exceptions in the local clients registry.  It doesn't validate that they are being used properly, though, but none the less.

HKLM\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines

I stumbled on it.

Here is the locatin in the registry where you can see the centralized exceptions in the local clients registry.  It doesn't validate that they are being used properly, though, but none the less.

HKLM\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines

I think the best way to test whether centralized exceptions are working or not is to download a test malware file from www.eicar.com and then put it in the exception list. Run full scan, if it is ommitted then exception is working.

testing solution is great

You can test it out from the registry it self how ever if you wanna be sure and its just one or two server on which have to make the exceptions (exchange and SQL server)
I would suggest go for User-Defined Exception.

Try if this link can help you.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008090512574448?Open&seg=ent

It's really a very good link provided by Ajitjha

Thanks Ajitjha for mthe link.

http://service1.symantec.com/SUPPORT/ent-security....

try this link