Endpoint Protection

 View Only
  • 1.  SEP 11 - Centralized Exceptions

    Posted Jan 26, 2012 09:18 AM

    Hi All, I am looking for some information regarding centralized exceptions, more specifically with regards to my scenario as follows.

    We have a number of files that we do not want to be scanned by real time scanner as this affects performance of the assosicated application. Am i right to assume i would need to add this to Security Risk Exception only?

    We have a number of our own developed .exe files that get detected by proactive threat protection as risk. I assume that to exclude these from scanning we add them only to the TruScan Proactive Threat Exceptions only? i.e. we dont need to add them to Security Risk Exception too?

    I'm guessing i add exclusions only to the one specific exception area rather than adding to my files to both Security Risk Exceptions and TPT Execptions?

    Are there any circumstances where i need to add an exclusion to both areas?

    Once added, how do i check that the file is no longer being scanned. I know that you can check the registry to ensure the exclusion is in place but is it possible to easily see real time scanning in progress as i open files?

     



  • 2.  RE: SEP 11 - Centralized Exceptions

    Trusted Advisor
    Posted Jan 26, 2012 10:06 AM

    Hello,

    Since these Files are getting detected by Proactive Threat Protection, this could be absolutely due to Suspicious Activity.

    In this Case, you could create an Exception with TruScan Proactive Threat Scans

    Yes, it is adviseable to Create a Security Risk Exception as well.

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH104326

    Secondly, I would also suggest you to submit these files Please submit the File / Application on:

    https://submit.symantec.com/false_positive/

    https://submit.symantec.com/whitelist/isv/

    and 

    https://submit.symantec.com/websubmit/essential.cgi

    I would also request you to create a Case with Symantec Technical Support.

    You can create a Case Online as well...

    QuickStart Guide - Create and Manage Support Cases in SymWISE

    http://www.symantec.com/docs/HOWTO31132

    Hope that helps!!



  • 3.  RE: SEP 11 - Centralized Exceptions

    Posted Jan 26, 2012 10:54 AM

    Thanks.

    is it possible to see a real time scan in progress to check that file exclusions are not being scanned?



  • 4.  RE: SEP 11 - Centralized Exceptions
    Best Answer

    Trusted Advisor
    Posted Jan 26, 2012 11:10 AM

    Hello,

    I am not preety sure if that could be done.

    However, you can check the Exceptions in the Registry - 

    Check this Article:

    https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks

    Hope that helps!!



  • 5.  RE: SEP 11 - Centralized Exceptions

    Posted Jan 26, 2012 11:22 AM

    i have checked the registry settings previously. I just wanted to know if it was possible to see a real time scan in progress.

    Thanks for your help.