Video Screencast Help

SEP 12.1 MP1 - ClientSideClonePrep Tool & Virtual Exception Tool

Created: 13 Jun 2012 • Updated: 27 Jun 2012 | 6 comments
JRS17's picture
This issue has been solved. See solution.


My team is going to be creating a base, gold image to be used for Windows Server 2008 server builds.  As part of this image, I want to make sure that it has a SEP 12.1 MP1 agent. Based on this, I have a few questions:

1)  As I understand it, when you put an agent on the gold image itself, you are to make sure that it gets the latest updates and then perform a scan, then use the clientsidecloneprep tool.  Therefore, does the SEPM manager need to be installed prior to doing this so the agent can check-in, receive policy, and then perform a scan, prior to using clientsidecloneprep tool?  I am assuming it would, so the agent knows the details of the SEPM?

If not, how does the agent associate with the SEPM, if the SEPM is installed after the agent is put on the base image using the agent installer?

2) Can you confirm these steps are accurate:

a) Once the image is built, install a SEP agent

b) Update the SEP agent for content/virus def. and run full scan

c) run virtual exception tool 

d) run clientsidecloneprep tool

e) save image (upon reboot, the agent will receive a unique identifer)

3)  Finally, does the clientsidecloneprep tool do only what is needed for SEP agents to be brought up uniquely? (i.e. not involved with the OS uniqueness at all)  Basically what I am asking is, since I am assuming on the windows side the virutal machines need uniqueness as well, is there something that will be done in windows imaging building that will impact when the clientsidecloneprep tool will need to be run?

Comments 6 CommentsJump to latest comment

JRS17's picture

I have seen this, but the specific questions are not answered in that document.  Thanks. 

Mithun Sanghavi's picture


You are correct.

The Symantec Endpoint Protection (SEP) 12.1 client checks for this attribute before scanning files and skips scanning any files that are marked as "known good" by the VIE tool. Scans on VDI clients created with images processed by the VIE tool will experience lower I/O load, CPU usage, and network bandwidth usage during scheduled and manual scans.

Here are the Steps and Action:

Step 1: On the base image, perform a full scan all of the files to ensure that the files are clean. If the Symantec Endpoint Protection client quarantines infected files, you must repair or delete the quarantined files to remove them from quarantine.

Step 2: Ensure that the client's quarantine is empty. 

Step 3: Run the Virtual Image Exception tool from the command line to mark the base image files. Check the Article:

Step 4: Enable the feature in Symantec Endpoint Protection Manager so that your clients know to look for and bypass the marked files when a scan runs.

Step 5: Remove the Virtual Image Exception tool from the base image.

The Virtual Image Exception tool supports fixed, local drives. It works with the files that conform to the New Technology File System (NTFS) standard.


Symantec Endpoint Protection Virtual Image Exception User Guide 12.1

About the Symantec Virtual Image Exception tool

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.