Proper Syntax For Exceptions SEP 11
Created: 28 Feb 2013 | Updated: 07 Mar 2013 | 3 comments
This issue has been solved. See solution.
All,
I need confirmation of the proper way to set up folder exceptions in SEP 11.
I set up the policy and verified that the registry has the setting; it does. But the registry reports it as %[WINDOWS]%SoftwareDistribution\Datastore\Log
Windows, of course, does not process %[WINDOWS]%.
When I go to Centralized Exceptions --> Add --> Windows Exceptions --> folder exceptions
I have the options for Prefix, and then folder.
What is the proper thing to put in here?
I am thinking that if I want to exclude for example C:\windows\SoftwareDistribution, I would do:
Prefix [NONE]
and then just put in %windir%\SoftwareDistribution.
Can anyone confirm or deny this?
I have always found it is best to leave prefix at NONE and add the full path. I was never a fan of adding a prefix. I usually just put in the full path. I know the wildcards * and ? are not supported per this KB:
Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11
Note: Wildcard variables such as * and ? are not supported for Known Risks, File, or Folder exceptions. The ? wildcard is supported for Extension exceptions. The Folder exceptions screen will accept * and ? but they will be treated as literal characters and not wildcard variables.
Since that is the prefix SEPM uses, I would have to assume it will work. Try dropping the EICAR test file in that excluded directory. Or just set up the exclusion for C:\WINDOWS\[your folder name]
Please note that the variables in SEP refer to the variables on the computer:
[program files] in SEP = %programfiles% in the system
If you have:
in system A
SQL installed on C:\Program Files\SQL
and %programfiles%=C:\Program Files
in system B
SQL installed on D:\Program Files\SQL
and %programfiles%=D:\Program Files
the exclusion %programfiles%\SQL works on both A and B.
If in system B you have:
SQL installed on D:\Program Files\SQL
but %programfiles%=C:\Program Files
the exclusion %programfiles%\SQL does not work on B because it reads C:\Program Files\SQL which is not correct for B.
To check the value of a variable on a given system on the fly, just enter it in Start > Run.
A backslash is also not needed.
Using Prefix Variables for Security Risk Folder Exceptions in your Centralized Exceptions Policy.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
%Windows% does not look correct. It should be "windir". Also, the threat name should not be a location. When you created the exclusion did you put it as a threat exclusion or a folder exclusion?
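The system A / system B comparison in the reply above, as an added example that is not part of the original thread: it expands an exclusion template against each host's own environment and checks whether the result covers the real install folder. The host data is constructed, the function names are hypothetical, and matching is literal because the quoted KB note says * and ? are not treated as wildcards in folder exceptions.

```python
import ntpath
import re

# Constructed sample hosts modelled on the thread's "system A" and "system B".
HOSTS = {
    "A": {"env": {"ProgramFiles": r"C:\Program Files"},
          "installed": r"C:\Program Files\SQL"},
    "B": {"env": {"ProgramFiles": r"D:\Program Files"},
          "installed": r"D:\Program Files\SQL"},
    # System B with %programfiles% pointing at a different drive than the install.
    "B-mismatch": {"env": {"ProgramFiles": r"C:\Program Files"},
                   "installed": r"D:\Program Files\SQL"},
}

_VAR = re.compile(r"%([^%\\]+)%")


def expand(template, env):
    """Expand %NAME% case-insensitively; names the host does not define stay unchanged."""
    lookup = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), template)


def covers(exclusion, path):
    """True if path is the excluded folder or lies beneath it (literal match, no wildcards)."""
    excl = ntpath.normcase(ntpath.normpath(exclusion))
    target = ntpath.normcase(ntpath.normpath(path))
    return target == excl or target.startswith(excl.rstrip("\\") + "\\")


def audit(template, hosts=HOSTS):
    """Return {host: (resolved_exclusion, covered)} for one exclusion template."""
    result = {}
    for name, host in hosts.items():
        resolved = expand(template, host["env"])
        result[name] = (resolved, covers(resolved, host["installed"]))
    return result


if __name__ == "__main__":
    for host, (resolved, ok) in audit(r"%programfiles%\SQL").items():
        print(f"{host:11} {resolved:25} {'covered' if ok else 'NOT covered'}")
```

A host reported as NOT covered is one where the folder is still being scanned even though the policy appears to exclude it.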