Endpoint Protection

Hi,
I have a problem with SEP RU6a managed client and Quickbook Pro 2007. My problem is that I can get a centraliced Exception to work, I had to manually create a TrueScan Protection Exception on the SEP client in order to fix the issue.

The problem is described here:
http://service1.symantec.com/support/ent-security.nsf/0/6cc9274310e110968825763b0067ee3f?OpenDocument
http://support.quickbooks.intuit.com/support/pages/knowledgebasearticle/8773d9d4

I solve the issue by going in the Client, then centrallized execption and add a Truescan exception.
If I create a Centrallized Exception in SEPM, update policies in the client, confirm it has the latest version, the problem is not solved.



So, how do I create a TrueScan Exeption in SEPM and how can I confirm that it will work on the client?

Many thanks
Oliver

Is the client communcating to the SEPM

Please go to HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint
Protection\AV\Exclusions   and check if the exclusion is getting applied or not?

Follow this to create exceptions in the SEPM
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/f7602d481cc0cb8e882574020062b021?OpenDocument

Hi,
I can see the exceptions correctly listed. The one I look forward is in:

HeuristicScanning/FileName/Admin/10.......
FirstAction = 4
ProtectionTechnoloy = 2 
FileName = "QBDBMgrN.exe"


The one I created in the client is in:
HeuristicScanning/FileHash/Client/10.....
ProtectionTechnoloy = 2 
FileName = "C:\Program Files\Intuit\Quickbooks 2007\QBDBMgrN.exe"

So the exception I create in the client has a full path and the one I create in the SEPM does not have a full path or file hash.

When you created the excpetion on the SEPM did you gave the full path?

No, I did not put the full path.
Right now I added the full path but the problem still persist.

I also have to restart the 2 Quickbook services and restart the DB Manager to test the new policies.

Any other tips?

Many thanks!

You said:
I solve the issue by going in the Client, then centrallized execption and add a Truescan exception.
If I create a Centrallized Exception in SEPM, update policies in the client, confirm it has the latest version, the problem is not solved.
***********

If the issue is fixed on the client side, when you create the exception locally on the machine...
It is possible that the group the client is in is not inhertting policies?
Did you check to make sure the policies are the same?

What about the client itself?  Can you see the "ADministrator Defined Excaeptions?"
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/73a278b5de8e0af9882574d40064cd2c?OpenDocument

No, I can not see that "Administrator defined exeptions", but thats seems to be ok.

I can confirm the exceptions are downloaded from the SEPM by watching the registry. My problem seems to be that the execptions are not applied.

for 64 machines;exccepions wil be under different path

Its a win32 server, also, I added the full path.

I can see the exeception on the registry, but they are not enforced. I rebooted the machine to test and no, the policy does not work.

If I add manually the execption in the client, it works. Also, I only have installed the SEP client with the antivirus component, all other are not installed.