
SEP 11 MR4 MP2 Centralized Exclusions

Created: 06 Oct 2011 • Updated: 07 Oct 2011 | 12 comments
g67's picture
This issue has been solved. See solution.

I have to build a Windows 7 SEP 11 Centralized Exclusions policy that includes the following paths: 

c:\users\<username>\appdata\local\<folder>\<folder>

c:\users\<username>\appdata\roaming\<folder>\<folder>

I understand that SEP doesn't support wildcards, so as far as I can tell this means I will need to create an exclusion for every user in our business, replacing <username> with their actual user name. For my company this represents 500 users so a total of 100 exclusions added to the centralized policy.

I don't want to exclude the entire c:\users\ & subdirectories; that would be easier but would put the computer at risk of malware that ends up in the profile.

I cannot change the path structure as the application data I am excluding is per user.

Does anyone have any suggestions how I can get around this?

Will this many exclusions cause performance issues in SEP?

I look forward to your ideas.

Comments

pete_4u2002's picture

Yes, wildcards cannot be used for centralized exceptions.

http://www.symantec.com/business/support/index?page=content&id=TECH104326

Using the path and many exceptions should not have an impact, as the client will store its exceptions in its registry and exclude them from scanning.

pete_4u2002's picture

If you have the filename then you can name the filename and exclude it from scanning.

g67's picture

Thanks, but my problem is not that I want to specify the filename but the fact that I need to create an exclusion for a folder in the user's profile. This is c:\users\<username>\<folder path> where <username> changes per user. In an ideal world I would use c:\users\*\<folder path>; however, because SEP cannot use wildcards I have to add each username individually. This is going to be a lot of work.

SolarisMaestro's picture

I would recommend against using centralized exceptions but in some cases you may need to use them. I would just keep it at a minimum. If you are trying to exclude a file, then it would be better to submit that as a false positive so it doesn't get detected.

https://submit.symantec.com/false_positive/ 

 

Thank you for marking as a solution if you felt this response met your needs!

g67's picture

I need to use centralized exclusions because I don't want the folder scanned by SEP. The files in the folder are not being detected as viruses. The files are part of an email search/filing system, the performance of which is affected by the auto-protect scanning. We need to stop these directories being scanned when they are used.

Vikram Kumar-SAV to SEP's picture

I would suggest guiding users to create local exceptions.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Cameron_W's picture

These files that are part of the email search/filing system, are they a unique extension type? If so you could make an exclusion for this file type.

If I was able to help resolve your issue please mark my post as solution.

g67's picture

The file extensions in question are .dat - they are not unique to the application in question.

Unfortunately .dat files are used for other applications; however, if there is no other alternative this may be a risk we can take.

If I was to add an exclusion for .dat, does that mean it will not be scanned wherever it exists on the computer?

Any other ideas if my manager finds it unacceptable to exclude .dat files?

Vikram Kumar-SAV to SEP's picture

The only other alternative would be local exclusions. Excluding *.dat won't be that bad an idea, as I haven't seen much malware using .dat files.

However, if possible, you can remove this exclusion once a month or once a quarter and scan all files.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
g67's picture

Hi Vikram,

In this instance I think excluding .dat files is a workable solution.

Thanks for the advice.

pete_4u2002's picture

If the filename is consistent across all the machines, use the filename instead of *.dat

g67's picture

But filename exclusion needs me to specify the path. The path has a variable (username) - c:\users\%username%\ and I can't use wildcards, so it means adding an exclusion for all users. Not good fun.

Excluding the extension is the best solution for me at this stage.
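
The extension exclusion settled on in this thread is not limited to the two per-user application folders. The script below is an added example, not from the thread or from Symantec: it lists `.dat` files under a profiles root that sit outside those folders, which is the extra set an extension exclusion leaves unscanned. The folder names `ExampleVendor\ExampleApp` are placeholders, since the thread gives the real path only as `<folder>\<folder>`, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Assumption: placeholder names standing in for the thread's <folder>\<folder>.
EXPECTED_SUBPATHS = [
    ("AppData", "Local", "ExampleVendor", "ExampleApp"),
    ("AppData", "Roaming", "ExampleVendor", "ExampleApp"),
]

def find_unexpected(users_root, extension=".dat", expected=EXPECTED_SUBPATHS):
    """Return sorted paths of files with `extension` under users_root that are
    NOT inside one of the expected per-user application folders."""
    users_root = Path(users_root)
    wanted = [tuple(s.lower() for s in e) for e in expected]
    unexpected = []
    for dirpath, _dirs, files in os.walk(users_root):
        rel = Path(dirpath).relative_to(users_root).parts
        # rel[0] is the profile name; the remainder is the path inside the profile.
        inside = tuple(p.lower() for p in rel[1:])
        covered = any(inside[:len(w)] == w for w in wanted)
        if covered:
            continue
        for name in files:
            # Windows file names are case-insensitive, so compare in lower case.
            if name.lower().endswith(extension):
                unexpected.append(str(Path(dirpath) / name))
    return sorted(unexpected)

def demo():
    """Build a constructed profile tree and return the flagged relative paths."""
    samples = [
        "alice/AppData/Local/ExampleVendor/ExampleApp/index.dat",        # expected
        "alice/Downloads/invoice.DAT",                                   # outside
        "bob/AppData/Roaming/ExampleVendor/ExampleApp/cache/store.dat",  # expected
        "bob/AppData/Roaming/Other/payload.dat",                         # outside
        "bob/Documents/report.txt",                                      # not .dat
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in samples:
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(b"constructed sample")
        return [Path(f).relative_to(root).as_posix() for f in find_unexpected(root)]

if __name__ == "__main__":
    for path in demo():
        print(path)
```

On an endpoint, call `find_unexpected(r"C:\Users")` with the real folder names in `EXPECTED_SUBPATHS`; the resulting list is what a periodic full scan with the exclusion removed, as suggested above, would need to cover.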