Endpoint Protection

Hey all,

I have been using SEP 11 RU6 for a long time and I've recently migrated to SEP 12.1. It seems great so far but it's forced me to re-evaluate how I've been dealing with file exceptions. Previously, I had specified folder exceptions for applications such as SQL. I would exclude file folders containing %\MSSQL\%. Essentially this would include LDF files and MDF files but it would also exclude everything else inside of those folders. Not a huge deal, I know, but it does leave our security hole foot print a little bigger then what I would like. 

Looking for some opinions here, is it better to build an exception for the folder or an exception for the file type. I have a pretty complex SQL configuration. I have LDFs, MDFs, and NDFs that span several different logical partitions (volumes on a SAN) and I am not sure if it's more efficient from a performance standpoint to block the folders that contain these file types or if I should just exclude the file types themselves. 

Any and all feed back is much appreciated! Thanks in advance!

These Links might answer your query

Configuring the management server to collect information about the applications that the client computers run

http://www.symantec.com/docs/HOWTO55219

How to create an application exception in the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=HOWTO61213

Forcing scans to detect an application

http://www.symantec.com/business/support/index?page=content&id=HOWTO55209

Did  this work ?

It may be that both folder and file exclusions are needed. Microsoft's article has recommendations for exclusions for SQL (see the section entitled, "Directories and file-name extensions to exclude from virus scanning"):

How to choose antivirus software to run on computers that are running SQL Server
http://support.microsoft.com/kb/309422

sandra