in SEP Manager (11.0.4202.75), I set a Centralized Exception in the policy for the group I am apart of. Imagine the Exception Item name is PROGRAM.EXE. So in the policy, it says
Exception Item - PROGRAM.EXE
Exception Type - TruScan Proactive Threat Scan Process
Action - Log Only
From my client, I've updated my policy, and waited 2 hours. From the client, I can see under the Proactive Threat Logs, that it obeyed this excecption, and logged some action that this EXE has taken.
However every so often, I get the SEP Notification, that the PROGRAM.EXE has been blocked !
SYMANTEC TAMPER PROTECTION ALERT
Target: C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe
Event Info: Allocation Memory
ActionTaken: Blocked
Actor Process: C:\WINDOWS\System32\PROGRAM.exe (PID 3152)
Time: Thursday, September 03, 2009 1:31:19 PM
I need to allow this program to do anything and never be blocked, and I don't want to add it manually on every client.
What am I missing?