I understand how to create Centralized Exceptions, my question was are there any recommended exceptions to implement. In SAV 10.2 they always recommended creating exceptions for Symantec Mail Security (\Program Files\Symantec\SMSMSE) and others and was wondering if Symantec has any they recommend for SEP installs?
These are some of the ones I use. Most are blanket policies and may not apply to your setup.
Remacc.Radmin
JKDefrag.exe
Program files\office\office11\MSaccess.exe
Program files\Spiceworks\pkg\gems\spiceworks_common-2.0.17490\productkey.exe
Program files\Sunbelt Software\CounterSpy\Agent\SBCSESVC.exe
Program files\NovaNet-Web Backup. "The Whole folder
hww "whole folder
.mdb
Hope that helps some.
ym
Message Edited by ym1 on 02-26-2008 04:01 PM
Although this isn't a Centralized Exception as such, it's 'sort-of related' and may be of some use...
We use Real VNC here - and before everyone starts shouting at me: yes, the users do know about it, and no we're not spying on people. But we do have 3 different offices on 3 different floors of 2 different buildings so it does save a lot of legwork.
But SEP (v11.0.1000.1375) keeps flagging Real VNC up as a Commercial App (well, duh!) so we're trying out the disable logging option in SEPM to see if we can kill those annoying pop-ups that appear on the client PCs.
In SEPM console go to Policies > View Policies > Antivirus and Antispyware.
Double click in the right-hand pane to open a new window > Click Proactive Threat Scan > Select Detecting Commercial Apps > Set your preferred option and click on the little padlock icon when you're done.
Message Edited by WebAdmin on 02-28-2008 01:23 PM
Thanks for all the great feedback and suggested exclusions. I haven't been able to find anything more than the ones suggested in 10.2 and don't know if Symantec still recommends these for SEP? I'll keep digging.
Another way to word my original question is, does this article apply to SEP? I know it doesn't state that at the end of the article. I'm just being paranoid wondering if they haven't updated the article yet and these exclusions still apply or has SEP been designed where this is not necessary?
In SEP 11.x you can import an exception file specific for Small Business Server 2003, the URL is found on page 8 of Windows Small Business Server 2003 Best Practices white paper. This is in the documentation folder on CD1. This added the SQL exceptions and the exception for Mail Security 6.0. The exceptions for Exchange Server 2003 are created automatically and do not show in the Centralized Exception List. You can find these in the registry under HKLM\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions\Exchange Server. These are dynamic and based on the Exchange registry keys that specify where the Exchange components and databases are located. You should not edit these directly. You will see that most of what is in the document you reference are included in the registry already.
There is another nice list here for domain controllers:
A few things to mention here:
With SEP Client pre MR2, we automatically excluded all the correct Exchange folders for Exchange 2000 - 2007; if we detected Mail Security installed, we put exclusions in for that too. There are no other automatic exclusions in SEP Client prior to MR2. It's worthwhile contacting the supplier or vendor of your applications for their AV recommendations.
With SEP Client post MR2, we have added a few more things... not only do we exclude Exchange and SMS as before, but also:
If the SEP client is installed on a SEPM with an embedded database, we exclude the database.
If the SEP client is installed on a Domain Controller, we exclude the specific DC files and folders as recommended by Microsoft in their KB.
All this is automatic in the client if you have MR2 installed.
More are coming too, we thought that these were the big ones for MR2 though...
Paul Murgatroyd
Principal Regional Product Manager, Enterprise Security Group, Symantec
Endpoint twitter feed: http://twitter.com/symc_endpoint
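To see which automatic exclusions a particular client has registered, the registry location quoted earlier in the thread can be read without editing it. The script below is an added example, not from any poster or from Symantec; the Wow6432Node path and the function name Get-SepExclusionEntry are assumptions made for illustration.

```powershell
# Added example: read-only listing of the exclusions a SEP client has registered.
# Requires PowerShell 3.0 or later. Nothing is written to the registry.
# The first path is the one quoted in the thread; the Wow6432Node variant is an
# assumption for a 32-bit client running on 64-bit Windows.
$basePaths = @(
    'HKLM:\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions',
    'HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions'
)

function Get-SepExclusionEntry {
    param([string[]]$Path)
    foreach ($base in $Path) {
        # Skip locations that do not exist on this machine.
        if (-not (Test-Path -LiteralPath $base)) { continue }
        # The base key itself plus every subkey (for example "Exchange Server").
        $keys = @(Get-Item -LiteralPath $base) +
                @(Get-ChildItem -LiteralPath $base -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name          # full registry key path
                    Name  = $name              # value name under that key
                    Value = $key.GetValue($name)
                }
            }
        }
    }
}

$entries = @(Get-SepExclusionEntry -Path $basePaths)
if ($entries.Count -eq 0) {
    Write-Output 'No SEP exclusion keys found at the expected locations.'
} else {
    $entries | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
}
```

Piping `$entries` to `Export-Csv` instead of `Format-Table` gives a file that can be compared between servers or kept as a record of what each client excludes.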
Are these exceptions documented anywhere aside from this post?
I need to prove to my manager that I don't need to exclude DCs and Exchange Servers and that SEP will automatically do it before I go ahead and install it, i.e. showing him the reg keys is not possible till after it's installed.
An entire list of exceptions would be nice, and would save me the trouble of excluding things that SEP will exclude by default anyway.
I have looked through the admin guide and cannot find a list of "embedded" exceptions - could someone kindly point it out to me.
I would also find it useful to have a list of generic Windows Server & MS server apps recommended exceptions to cover those not included in the first list.
Thanks
Asking the questions again
(reusing the topic to ask its questions again)
Do I need to create a Centralized Exception policy to exclude the scan of the pagefile.sys file? And what about the spool folder?
And the feature of auto excluding Exchange folders is still valid in MR4, right?
Is there any other recommended system file or folder exclusion?
Thanks ;)