Hi all,
Within our SEPM AV/AS >Mac Settings>File System Auto Protect> General Scan Details; we have the radio button set to: "Scan everywhere except in specified folders".
We then have a "Centralized Exclusion Policy" that has various Macos X folder excluded.
The policy is working and Autoprotect will ignore the listed folders. The problem we are seeing is that on Mac systems, when an administrative user creates a "Safezone" and excludes a particular folder, the entry is removed when the user logs out of the system or reboots it. The added exclusion is funtional while the user is logged in, but upon logout or a reboot, the folder exclusion entry is removed.
This problem does not appear to exist on Windows systems. Exclusions created on the client side by administrative users continue to persist regardless of reboots or logouts.
Is this normal behaviour for the Mac or do we have something misconfigured?