Endpoint Protection

  • 1.  Not able to force true scan to detect a process

    Posted Jun 07, 2011 01:46 PM

    Going through the admin guide, it says I can create a centralized exceptions policy to force true scan to detect a process and log it, so I can later add that process to the policy when it has become a "detected process" and change the behavior.

    This is not working. I added notepad and cmd processes and they have not been logged. When I edit the centralized exceptions policy and attempt to add a detected process it is still blank.

    I also checked the proactive threat protection logs on the client; I found it didn't log it there either.



  • 2.  RE: Not able to force true scan to detect a process

    Posted Jun 07, 2011 04:15 PM

    Hi,

    Please note that common commercial applications are white listed by Symantec, hence you cannot force their detection. You need to find another sample or compile your own .exe for your tests.

    Regards,



  • 3.  RE: Not able to force true scan to detect a process

    Posted Jun 07, 2011 04:34 PM

    I made sure I used a process for a proprietary application that would not be on the white list and this is still not working.

    Also, though I don't know if wildcards are supported here, I added a TruScan process exception with the name "*" and still I get nothing logged.

    How else can I troubleshoot why this isn't working? I updated the policy on the client and even rebooted just to be sure it was getting applied (checked the serial as well).



  • 4.  RE: Not able to force true scan to detect a process

    Posted Jun 07, 2011 06:05 PM

    I hope you are not trying it on a Server O.S. PTP does not work there.



  • 5.  RE: Not able to force true scan to detect a process

    Trusted Advisor
    Posted Jun 08, 2011 07:03 AM

    Hello,

    The detection list would appear empty if the SEP client computers in your network have not yet made any detections.

    You can force proactive threat scans to detect a particular process. When a proactive threat scan detects the process, and the management console receives the event, the process appears in the detected process list.

     

    Configuring a centralized exception for a detected process

    Configuring an exception to force TruScan proactive threat scans to detect a process

    About centralized exceptions for TruScan proactive threat scans

    Configuring a Centralized Exceptions Policy