Endpoint Protection

 View Only

  • 1.  Third party AV client on the SEPM server

    Posted Jan 21, 2013 03:48 AM

    Hello,

    For one of our customers we have 2 environments, servers with 3rd party AV client installed (with its management console) and workstations with SEP client and managed by SEPM.

    Of course, on the server where SEPM is installed we don't have SEP client but 3rd party AV. So I need to know which files/folders on the SEPM server should be excluded from scan. I found one article (http://www.symantec.com/business/support/index?page=content&id=TECH194432) but are there another files and folders that I have to exclude, for example LiveUpdate folder containing lucomserver....exe. luall.exe etc, or the Inetpub/Content folder?

    Regards



  • 2.  RE: Third party AV client on the SEPM server

    Broadcom Employee
    Posted Jan 21, 2013 03:53 AM

    the link covers pretty much the all the folders.

    LiveUpdate processing directories

     

    Windows 2003 and Windows 2003 R2: 

    • \Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads

    Windows 2008 and Windows 2008 R2:

    • \ProgramData\Symantec\LiveUpdate\Downloads


  • 3.  RE: Third party AV client on the SEPM server

    Posted Jan 21, 2013 03:59 AM

    What is the OS of the SEPM machine? - the folders may differ depending on that. Is there any possibility to install SEP on this server instead of the 3rd party AV? SEP would have in place automatic scan folder exlusions for SEPM and the database:

    http://www.symantec.com/business/support/index?page=content&id=TECH102400



  • 4.  RE: Third party AV client on the SEPM server

    Posted Jan 21, 2013 04:06 AM

     

     

    HI,

    You can exlcude all SEPM file and folders.

    It's available in C:\Program Files\Symantec..

    Why you are using 3 rd party AV if SEP provide all level security

    If you are install sep client it's automatic exclude all sep releated files and folders..

     

    About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

    Article:TECH102400  | Created: 2007-01-02  | Updated: 2013-01-04  | Article URL http://www.symantec.com/docs/TECH102400
     

     

     

    Note :Automatic Exclusion when applicable it's installed default location (C: Drive).If you are installed in different location you can manually added in Exclusion list



  • 5.  RE: Third party AV client on the SEPM server

    Posted Jan 21, 2013 07:07 AM

    It is requirement from the customer that servers are with another AV and workstations with SEP. Isn't it a risk if the whole SEPM directory is excluded from scan?



  • 6.  RE: Third party AV client on the SEPM server

    Posted Jan 21, 2013 07:12 AM

    NO,It's not a risk but when you can't exclude our sepm directory may be another third party av catch the sepm file as a virus.

    It's bettwe you can exclude all SEPM directory.



  • 7.  RE: Third party AV client on the SEPM server
    Best Answer

    Posted Jan 21, 2013 07:13 AM

    Any time you exclude something from a scan, there is a risk. However, some directories contain so much activity that it needs to be excluded due to performance. Malware will typically look to install itself in temp locations or the system32 folder. I believe the risk will be minimal excluding the SEPM directory.



  • 8.  RE: Third party AV client on the SEPM server

    Posted Jan 21, 2013 07:18 AM

    thanks, then I will exclude it