Endpoint Protection

In my company we have a problem with an application and exception list.
When i change the policy with the file and folder exception and update the client, the application works but when we reboot the computer the application don't start anymore. But here comes the strange part: If we click like 20-30 time on the shortcut, i get alot of the error but the last on or a few in the last click opens without any problem. Then the applications keeps working until the next reboot. This behavor is only there when SEP is installed.

Configuration:

WIndows 7 64 bit.
SEP 12.1 RU2 (it also happens with RU4)
Firewall is only logging it doesn't block anything.The software is installed on a remote server. There is only a small installation on the computer itself. The program is started from a shortcut on the desktop. but the exe file in on a network share.

Strange behavor

The strange part that is starts after a few (20) clicks and it works until the computer restarts. So i don't think the configuration is wrong.
I excluded path and the file from any scanning. Even disabled tamper protection (Its back on now cause i didn't change anything). 

Anyone have an idea why we have this behavor or even better a solution 

Its blocked for particular ammont of time and may be thats why it starts after few clicks.

what options you have set under auto protect?

under sepm-policy-antivirus and antispyware

select autoprtoect, select the option as start when symantec endpoint protection starts..

check if the issue persists.

So what you're saying is that the machine appears to lose record of the exception on reboot, and takes a little while to reapply it after being started up again.  Does that sound right?

If so, can you advise if this is a physical machine?  Or is it a virtual machine getting recreated anew after each reboot?

#EDIT#

Something else I'd check, is if the remote host is pingable when the app is still not working.  The reason I ask is because of how Windows likes to let you log on before the NIC is ready.  So I just wanted to rule out the scenario whereby Windows had not yet loaded the NIC drivers.

If we don't use the 'workaround' the problem stays even if we wait for 1 hour.

We can ping to server. we can use the network when the problem exist.

Its a physical machine

Sonar is enabled. Log is empty. 

This is wat our AV & AS policy is:

Autoprotect: yes

- Scan only extension
- Scan for security risk

We don't scan for files on remote computers.

Autoproitect starts when the computers starts. (changing this wont help)

Auto-Protect stop and reloads 

-------

Donwload insight is on with level 3.

---

Sonar is ON

High risk detection Quarantine
Low Risk Detection Log

DNS & Host file change is ignoerd.
And all suspicious Behavor is only log.

Anti Malware is on.

Bloodhound detectionn is enabled.

we don't do any e-mail scans or network drive scanning from the client.

Hmmm, the thing is, UNC paths aren't meant to work as far as SEP AV exceptions go (http://www.symantec.com/docs/TECH197009), not to mention the fact you have network scanning disabled anyway.

Another suggestion then, have you tried disabling the Insight lookups (found under SEPM Console -> Clients -> highlight group -> Policies Tab -> External Communications Settings) to see if this has an effect?  If enabled, the client will initiate a call to Insight on process launch, I'm wondering if the delay during the call is causing the error messages (up until the call is complete or times out, after which the app works without issue).

If that helps, then perhaps try adding the server IP of the machine hosting the app as a trusted web domain exception:

http://www.symantec.com/docs/HOWTO80926

Thanks for the suggestion, but it didn't solve my problem.

Found something interesting:

WHen i disable SONAR, it works. When i enable it with the folowing setting is doesn't start... After clicking 20+ time it works. On teh other tabs is also only log or ignore...

Any one have an idea? Why is still blocks something? The logs doesn't say anything...

It would seem the SONAR scan is adversely affecting this app. Have you tried adding the app as a SONAR exception only?

the exe file is on the list exception. I tried sonar only but also everything, but this doesn't change anything.
Except when to policy is loaded without restart the computer it works but after reboot it doesn't any more until we click 20+ times again.... I tested this before i created this post. 

Thx for the suggestion.

I must admit, with SEP Network Scanning disabled, and with Symantec confirming that UNC exceptions don't work, I'm a little confused as to how the current exception you've configured is making any difference.  Not to mention, you've confirmed this is SONAR rather than AV&AS.

On the SONAR note, have you tried adding in a Trusted Web Domain exception?  The article I posted earlier suggests this should affect SONAR too.

I added the ip adresses to Trusted Web domain exception. It doesn't change anyhting.

The strange part is that it works but i have to start the application a few times (20+ click on shortcut)

I know it strange but i try anything for now cause i can't solve it with my knowledge...

Try setting this app up to be monitored

Monitoring an application to create an exception for the application

Once it shows up in the list, you can add as an exception from any scanning

Aside from that, maybe a call to support is needed here

What's the error message getting generated by the first 20 launch attempts?

On the whole, I'm afraid you might be looking at a Symantec Support case at this point, or enabling some debug logging to see if anything else it getting triggered.

Anolther sytrange part here is that i already tried this but the application doesn't show in the list...

But nvm for some strange reason its solved...

This problem is solved. Dunno how i did it but it works on client v 12.1 RU2, but still give sproblem with 12.1 RU4. Maybe this is because our server isn't updated yet to RU4 maybe not. But our main version we use is 12.1 RU2. RU3 gave performance problems and it seems RU4 also give problems 

WIll inbvetsigate this in the future when we move our server and database. But for now this problem is solved. Don't ask how cause i don't know how...

Are you using IE version 10?

may the problem was with IE?

Download Insight exclusions are not honored on files downloaded through Internet Explorer 10

http://www.symantec.com/business/support/index?pag...

No we use IE9, some PC have 10 but all the PC that runs this software have IE9.