Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

MacOSX: Normal for user created Safezones to be Overwritten by Centralized Exclusion Policy?

  • 1.  MacOSX: Normal for user created Safezones to be Overwritten by Centralized Exclusion Policy?

    Posted Dec 28, 2010 05:36 PM

      I seem to be on a MacOS X roll lately...

      On our MacOS X clients, user created Safezones get overwritten by our Centralized Exclusion Policy after every heartbeat interval. The MacOS X portion of our AV policy regarding Auto-Protect is set to "Scan Everywhere except specified folders." The specified folders are contained in our Centralized Exclusion Policy. Is the over writing of client added Safezones expected behaviour?

     I ask because on the Windows side of the house, client created exclusions are honored regardless of policy updates.

     For our Mac clients this is becoming a problem for our users that compile code. Auto-Protect wants to scan the files as they are compiled which slows down the compiling job. A user can create a Safezone that will be ignored by Auto-Protect, but it's only a temporary reprieve since the Safezone gets overwritten duing the next policy update. Turning off Auto-Protect itself essentially accomplishes the same thing since it will be turned on with the next policy update.

     I realize I can created a centralized exception for a directory (say, user/*/code ) ,but unfortunately, compiling locations are not standardized amongst users. Trying to get them all to agree to on a common location may be difficult. That's why a user created Safezone would be ideal in this case.

    Any insight on this topic would be appreciated.

     

     

     

     

     

     



  • 2.  RE: MacOSX: Normal for user created Safezones to be Overwritten by Centralized Exclusion Policy?

    Posted Dec 28, 2010 06:58 PM

    I've run across this before--funnily, I thought that was on here, on the forums--and unfortunately this seems to be expected behaviour.  This document hints towards this:

    The SEP for Mac client can be tuned either via policy from the Symantec Endpoint Protection Manager (SEPM) (if this is a managed client), or directly from the Symantec Auto-Protect preference pane in System Preferences and the Symantec Scheduler (if this is an unmanaged client).

    If I can find anything more I'll report back.

    sandra



  • 3.  RE: MacOSX: Normal for user created Safezones to be Overwritten by Centralized Exclusion Policy?

    Posted Jan 05, 2011 08:11 PM

      Hi all,

      I placed a support request regarding this issue. Supported contacted the developer team and they stated that the behaviour I'm seeing is expected.

      They went on to state that the MacOS X client should behave more like the Windows version post release verion 12 of SEP; possibley by 12.1.

      Sandra, if you're interested, the case # is 413-447-679

     

     



  • 4.  RE: MacOSX: Normal for user created Safezones to be Overwritten by Centralized Exclusion Policy?

    Posted Jan 06, 2011 10:07 AM

    Excellent, thanks a bunch.

    sandra