Endpoint Protection

 View Only

  • 1.  Scans Exception

    Posted Aug 30, 2016 10:45 PM

    Hi all,

    Hope someone can guide me regarding the exception configuration

    We have an existing policy for Scan that will "quarantine" all the detected malicious file

    And we also have an existing policy for exception to except a path for scanning

    We have more than 11k clients and the scan policy is applied to all of them

    And this exception policy is only applied to certain groups with server type clients and will only take effect for the servers having the path that we define in the exception policy

    Now, our customer is requesting to include the path (currently in the exception policy) to be scanned also BUT instead of quarantine, they just wanted the action of SEP to be "log only"

    My 1st initiative is to collect all the server type and regroup them into a folder so we can just create a dedicated policy for the server type clients.

    is there any other way for us to "scan the path but it will only log (not quarantine) the detected malicious files?"

    Thank you

    Regards

    Winston V.P.



  • 2.  RE: Scans Exception
    Best Answer

    Posted Aug 30, 2016 11:00 PM

    The purpose is to exclude a specific path from the virus scan and this is exactly what will be done. There is no option to scan but "log" for the virus scanning component. Any exceptions that are added to the exception policy (extensions, file, folder) do not have the option to be logged and will just be excluded.

    The exception to this is if you add a "Known Risks" exception, you do have the option to log if detected. It is also very dangerous to add a known risk to the exception policy as you're excluding an entire category. You can also add an "Application" or "Application to Monitor" exception but this is probably not what you want.

    Long story short: There is no option to log detections when adding a folder path as an exception.



  • 3.  RE: Scans Exception

    Posted Aug 31, 2016 12:27 AM

    Thanks Brian

    But is there a configuration for a "specific path" to be scanned but it will only log any detection?

     



  • 4.  RE: Scans Exception

    Posted Aug 31, 2016 12:59 AM

    No, thats not possible.

    you can have this enabled, manually

    How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.x and 12.1

    https://support.symantec.com/en_US/article.TECH103126.html



  • 5.  RE: Scans Exception

    Posted Aug 31, 2016 01:30 AM

    Hi Rafeeq

    Thank you for that, upon checking the article that you share, it seems that the client will list every directory that is being scanned, what i mean about "log" is the "action" after detection of a malicious file, instead of quratined, the suspicious file will only be left alone or SEP will not do anything about the detected file, and will message the user that there's a detection and the descretion of user is needed if they wanted to delete, quarantine or just leave it alone. hope you get my point

    Thanks



  • 6.  RE: Scans Exception
    Best Answer

    Posted Aug 31, 2016 02:06 AM

    Not possible Winston, a mailicious file can be from any category and we cannot overrite all of them to leave it alone and also it does not have any just log function.

     

     



  • 7.  RE: Scans Exception

    Posted Aug 31, 2016 07:21 AM

    No there isn't. Sorry but what you're wanting to do will not wok with SEP. You won't be able to log exceptions. All exceptions are excluded from scanning and thus not logged.