Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Proper Syntax For Exceptions SEP 11

Created: 28 Feb 2013 • Updated: 07 Mar 2013 | 3 comments
This issue has been solved. See solution.

All,

I need a confirm on the proper way to set up folder Exceptions in SEP 11.

I set up the policy and verified that the Registry has the setting, it does.  BUT, the registry reports it as %[WINDOWS]%SoftwareDistribution\Datastore\Log

Windows of course does not process %[WINDOWS]%

When I go to Centralized Exceptions --> Add --> Windows Exceptions --> folder exceptions

I have the options for Prefix, and then folder.

What is the proper thing to put in here?

I am thinking that if I want to exclude for example C:\windows\SoftwareDistribution, I would do:

Prefix [NONE]

and then just put in %windir%\SoftwareDistribution.

Can anyone Confirm or Deny this ?

Comments 3 CommentsJump to latest comment

Brɨan's picture

I have always found it is best to leave prefix at NONE and add the full path. I was never a fan of adding a prefix. I usually just put in the full path. I know the wildcards * and ? are not supported per this KB:

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

padding: 1px;padding-bottom: 3px ;font: 12px Arial; text-align: left;">Article:TECH104326 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 0px;font: 12px Arial; text-align: left;">Created: 2008-01-04 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Updated: 2012-05-09 padding: 1px;font: 12px Arial; text-align: left;"> |  padding: 1px;font: 12px Arial; text-align: left;">Article URL http://www.symantec.com/docs/TECH104326

Note: Wildcard variables such as * and ? are not supported for Known Risks, File, or Folder exceptions. The ? wildcard is supported for Extension exceptions. The Folder exceptions screen will accept * and ? but they will be treated as literal characters and not wildcard variables.

Since that is the Prefix SEPM uses, I would have to assume it will work. Try dropping the eicar test file in that excluded directory. Or just setup the exclusion for C:\WINDOWS\[your folder name]

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Please, note that the variables on SEP are referring to the variables in the computer:

[program files] in SEP = %programfiles% in the system

If you have:

in system A
SQL installed on C:\Program Files\SQL
and %programfiles%=C:\Program Files
 

in system B
SQL installed on D:\Program Files\SQL
and %programfiles%=D:\Program Files
 

the exclusion %programfiles%\SQL works on both A and B.

If in system B you have:
SQL installed on D:\Program Files\SQL
but %programfiles%=C:\Program Files

the exclusion %programfiles%\SQL does not work on B because it reads C:\Program Files\SQL which is not correct for B.

To check on the fly the value of a variable on a given system, just enter it in Start > Run..

back slash also does not needed

Using Prefix Variables for Security Risk Folder Exceptions in your Centralized Exceptions Policy.
http://www.symantec.com/business/support/index?page=content&id=TECH92938&locale=en_US

.

SOLUTION
hforman's picture

%Windows% does not look correct.  It should be "windir".  Also, the threat name should not be a location.  When you created the exclusion did you put it as a threat exclusion or a folder exclusion?