I seem to be on a MacOS X roll lately...
On our MacOS X clients, user created Safezones get overwritten by our Centralized Exclusion Policy after every heartbeat interval. The MacOS X portion of our AV policy regarding Auto-Protect is set to "Scan Everywhere except specified folders." The specified folders are contained in our Centralized Exclusion Policy. Is the over writing of client added Safezones expected behaviour?
I ask because on the Windows side of the house, client created exclusions are honored regardless of policy updates.
For our Mac clients this is becoming a problem for our users that compile code. Auto-Protect wants to scan the files as they are compiled which slows down the compiling job. A user can create a Safezone that will be ignored by Auto-Protect, but it's only a temporary reprieve since the Safezone gets overwritten duing the next policy update. Turning off Auto-Protect itself essentially accomplishes the same thing since it will be turned on with the next policy update.
I realize I can created a centralized exception for a directory (say, user/*/code ) ,but unfortunately, compiling locations are not standardized amongst users. Trying to get them all to agree to on a common location may be difficult. That's why a user created Safezone would be ideal in this case.
Any insight on this topic would be appreciated.