
Servers Scanning

Created: 17 Mar 2013 | 4 comments
Jaredirk's picture

Hi Guys,

Is there a best practice guide for servers when it comes to settings?

Like scan action recommendations etc.

This is in line with the client, who only wants the first action to be clean and the second action to be log only.

They just want to ensure no files will be deleted or quarantined (Exchange, SharePoint, database, client-specific applications), especially during false positive detections.

Thanks,

Mark


.Brian's picture

I'm not finding a best practice for scanning servers other than for performance related reasons.

Chances are you will be fine on those servers as SEP shouldn't remove legit files.

If you are worried about it, set the action to Quarantine so that you can restore if you find a false positive.

 

About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

Article:TECH102400  |  Created: 2007-01-02  |  Updated: 2013-01-04  |  Article URL http://www.symantec.com/docs/TECH102400

 

Excluding Microsoft SQL Server files and folders using Centralized Exceptions

Article:TECH105240  |  Created: 2008-01-27  |  Updated: 2012-11-12  |  Article URL http://www.symantec.com/docs/TECH105240

 

Exclusions required to run Symantec Endpoint Protection with Microsoft SharePoint

Article:TECH91287  |  Created: 2008-01-08  |  Updated: 2010-01-23  |  Article URL http://www.symantec.com/docs/TECH91287

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jaredirk's picture

Their issue is mostly with the client-specific applications, since they have their own programmers who make their own applications.

Quarantine is okay for the 2nd action, but their issue is that if it quarantines a file that is being used, they can have problems with their applications, which are mostly billing/finance related applications.

.Brian's picture

I've rarely seen Auto-Protect identify a false positive in this case. Most of the time false positives may be found with SONAR or Bloodhound. This is usually due to poor programming.

You may want to get a list of "in-house" apps and test them with SEP if you can.

With many in-house apps, you can submit to Symantec so they can review and add to their internal whitelist:

https://submit.symantec.com/whitelist/isv/

You can also submit false positives here:

https://submit.symantec.com/false_positive/


pete_4u2002's picture

Does this help?

Security Response recommendations for Symantec Endpoint Protection settings

http://www.symantec.com/docs/TECH122943