Endpoint Protection

 View Only

  • 1.  SEP for MacOS X; Problems preserving client created folder exclusions

    Posted Nov 30, 2010 01:15 PM

      Hi all,

      Within our SEPM AV/AS >Mac Settings>File System Auto Protect> General Scan Details; we have the radio button set to: "Scan everywhere except in specified folders".

      We then have a "Centralized Exclusion Policy" that has various Macos X folder excluded.

     

      The policy is working and Autoprotect will ignore the listed folders. The problem we are seeing is that on Mac systems, when an administrative user creates a "Safezone" and excludes a particular folder, the entry is removed when the user logs out of the system or reboots it. The added exclusion is funtional while the user is logged in, but upon logout or a reboot, the folder exclusion entry is removed.

     This problem does not appear to exist on Windows systems. Exclusions created on the client side by administrative users continue to persist regardless of reboots or logouts.

      Is this normal behaviour for the Mac or do we have something misconfigured?

     

                                        

     

     

     

     

     



  • 2.  RE: SEP for MacOS X; Problems preserving client created folder exclusions

    Posted Nov 30, 2010 02:15 PM

    Edited to say: User-defined Safe Zones may be being overwritten by the SEPM policy.  I have not heard of this happening before, to be honest.

    As for Centralized Exceptions for Macs, this is unfortunately working as designed.

    This is expected behavior. Centralized Exceptions do not apply to manual scans (launched manually, by schedule, or by the "Mount Scan" feature); they work only for AutoProtect. This is leftover behavior from Symantec Antivirus for Macintosh (SAV for Mac), where "SafeZones" applied only to AutoProtect. Macintosh scans that are scheduled from the SEPM are also an "all-or-nothing" proposition; you cannot work around the exceptions shortcoming by scheduling a selective scan from the SEPM. This is expected to be improved in future versions of SEP for Macintosh.

    "Centralized Exceptions set for Macintosh clients do not seem to be respected for scheduled or manual scans" - http://www.symantec.com/docs/TECH132533

    See the document for info on workarounds in the form of the NAVx scanner.

    sandra



  • 3.  RE: SEP for MacOS X; Problems preserving client created folder exclusions

    Posted Nov 30, 2010 02:38 PM

    Hi Sandra,

     

    Thank you for the reply. I am aware that the Centralized Exclusion Policy only affects Autoprotect scans and not scheduled or manual scans, but thanks for the reminder.

    After furhter testing, it does appear that performing a policy update will also remove any user configured SafeZone settings. So, it does appear that the SEPM policy is trumping any user configurations.

    So, should I just assume this is expected behaviour (with respect to Autoprotect) and the Mac client hasn't evolved as much as the Windows client?

    Where this is issue is coming into play is that many of my Mac users compile code, and their code compiling is gettting scanned by Autoprotect as it's compiled. This of course puts a strain on the system and the code is taking longer to compile.

     



  • 4.  RE: SEP for MacOS X; Problems preserving client created folder exclusions

    Posted Nov 30, 2010 04:05 PM

    You're welcome!  I was just trying to be throrough re: CE :)

    I suspect it is working as designed but I will do some digging for you (client-defined vs admin-defined).

    Do the users do their compiling in different areas on their computers?

    sandra