
SEP 12.1 - Exceptions for Applications (SQL Specific)

Created: 31 May 2012 | 3 comments

Hey all,

I have been using SEP 11 RU6 for a long time and I've recently migrated to SEP 12.1. It seems great so far but it's forced me to re-evaluate how I've been dealing with file exceptions. Previously, I had specified folder exceptions for applications such as SQL. I would exclude file folders containing %\MSSQL\%. Essentially this would include LDF files and MDF files but it would also exclude everything else inside of those folders. Not a huge deal, I know, but it does leave our security hole footprint a little bigger than what I would like.

Looking for some opinions here: is it better to build an exception for the folder or an exception for the file type? I have a pretty complex SQL configuration. I have LDFs, MDFs, and NDFs that span several different logical partitions (volumes on a SAN) and I am not sure if it's more efficient from a performance standpoint to block the folders that contain these file types or if I should just exclude the file types themselves.

Any and all feedback is much appreciated! Thanks in advance!


Swapnil khare

These links might answer your query:

Configuring the management server to collect information about the applications that the client computers run

How to create an application exception in the Symantec Endpoint Protection Manager

Forcing scans to detect an application

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Swapnil khare

Did this work?


sandra.g

It may be that both folder and file exclusions are needed. Microsoft's article has recommendations for exclusions for SQL (see the section entitled, "Directories and file-name extensions to exclude from virus scanning"):

How to choose antivirus software to run on computers that are running SQL Server


Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!
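
As an added example (not part of the thread, and not a Symantec or Microsoft script), the PowerShell below shows one way to measure the trade-off the original post asks about: for each folder you plan to exclude, it counts the SQL data files (.mdf/.ldf/.ndf) and the other files that a folder exclusion would also leave unscanned. The function name `Get-ExclusionCoverage` and the sample folder tree are assumptions constructed for illustration.

```powershell
# Added example (not from the thread). Function name and sample paths are hypothetical.
function Get-ExclusionCoverage {
    param(
        [Parameter(Mandatory)] [string[]] $Folder,
        # Data-file extensions named in the original post
        [string[]] $DataExtension = @('.mdf', '.ldf', '.ndf')
    )
    foreach ($dir in $Folder) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Folder not found, skipped: $dir"
            continue
        }
        $files = @(Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue)
        # Files a folder exclusion leaves unscanned but an extension exclusion would still scan
        $other = @($files | Where-Object { $DataExtension -notcontains $_.Extension })
        [pscustomobject]@{
            Folder        = $dir
            TotalFiles    = $files.Count
            DataFiles     = $files.Count - $other.Count
            NonDataFiles  = $other.Count
            NonDataByType = ($other | Group-Object Extension | Sort-Object Count -Descending |
                             ForEach-Object { '{0} x{1}' -f $_.Name, $_.Count }) -join ', '
            NonDataPaths  = @($other | ForEach-Object { $_.FullName })
        }
    }
}

# Constructed sample tree standing in for data and log folders on two volumes.
$root = Join-Path ([IO.Path]::GetTempPath()) ('sqlexcl_' + [guid]::NewGuid().ToString('N'))
$data = Join-Path $root 'E\MSSQL\DATA'
$log  = Join-Path $root 'F\MSSQL\LOG'
New-Item -ItemType Directory -Path $data, $log -Force | Out-Null
'sales.mdf', 'sales_2.ndf', 'setup.exe', 'helper.dll', 'notes.txt' |
    ForEach-Object { New-Item -ItemType File -Path (Join-Path $data $_) | Out-Null }
'sales_log.ldf', 'cleanup.bat' |
    ForEach-Object { New-Item -ItemType File -Path (Join-Path $log $_) | Out-Null }

# One row per folder: how much of the exclusion is data files and how much is everything else.
Get-ExclusionCoverage -Folder $data, $log | Format-List

# Remove the constructed sample tree.
Remove-Item -LiteralPath $root -Recurse -Force
```

To use it on a real server, pass the actual data and log directories to `-Folder` in place of the constructed tree; a non-zero `NonDataFiles` count is what a folder exclusion adds on top of an extension exclusion.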