Endpoint Protection

Hi!

I have a problem: Every time our developers compile their files, the popup "<The file> has changed since the last time you used it. ... Do you want to allow it to access the network?" occurs (because this file changes every time, the developers change or add code), so they need to select "Yes" and to execute it again, then everything works fine.

I already added this file (and for testing purposes the whole folder) to the "Unmonitored Application List" and in every other exception list I found, but the popup occurs again on the client computers, so I tried to disable the "Ask" option just for this file(s), but I can only disable the ask-option for all (switch to Allow and log), but basically, I want this ask function for all other applications.

Is there a way to disable this popup for the Application they want to execute?

Regards, TWSS

The version is 12.1.2015.2015...

is it happening on the same machine?

It's happening on all developer machines...

are the application same binary or different one?

if it is on same machine suggest to open a support ticket.

There are 7 binary files they use, this problem occurs on about 15 clients every time they change or add code.

Symantec Endpoint Protection clients will only get the Network Application Monitoring settings from the Symantec Endpoint Protection Manager if they are in Server Control Mode.

In Mixed or Client Control Modes, Network Application Monitoring has two options, enabled or disabled. This means that if Network Application Monitoring is enabled, the user will get prompted everytime there is a change to a Network Application.

what mode your clients are ?

They are in server control mode...

"...so I tried to disable the "Ask" option just for this file(s), but I can only disable the ask-option for all (switch to Allow and log), but basically, I want this ask function for all other applications."

The option you mention here will apply to all of the detected applications as per: http://www.symantec.com/docs/TECH102994

Adding the specific app executable to Unmonitored Application list should do the trick and exlude this app from being monitored and should not generate any notices - can you confirm that you added that executable as per article below to the list in specific client group that is affected and that those clients have already taken over the new policy settings?

Symantec Endpoint Protection states that "an application has changed since the last time you used it."

Yes, I can confirm that I added all these executables, i typed it in as well as I added them via "Add From..." with search criteria "Based on Applications", where I could find all these executables.

I can also confirm, that at least one client (which I use to test) applied the changed policy (I can see it in the client management / system log).