Endpoint Protection

 View Only

  • 1.  Use SEP Manager to add exceptions

    Posted Jan 16, 2014 02:20 AM

    Hi all,

    Currently, many users in the company are using an .exe executable file developed by our trusted vendor. The users put the application in the locatoins they like. But endpoint client said that there is a virus in that .exe file. We believed that this is a false positive case and we would like to add this .exe file into exception policy.

    However, when adding the exception, file path must be specified. Since different users put the file in different location, I need to add many exceptions.

    What can I do to make the exception rule is file path independent? What I want to do is to add that .exe file into exception.

    Best

    Dev



  • 2.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 02:39 AM

    You can add the .exe as application exception - this will use application learning fuctionality that will recognize the file no matter the location - you don't need to set here any specified path during the exception creation:

    How to create an application exception in the Symantec Endpoint Protection Manager

    Article:HOWTO61213  |  Created: 2011-12-07  |  Updated: 2012-03-27  |  Article URL http://www.symantec.com/docs/HOWTO61213

     

    Second possibility - you can submit the file to Symantec Security Response for whitelisting:

    Best Practice when Symantec Endpoint Protection or Symantec AV is Detecting a File that is Believed to be Safe

    http://www.symantec.com/docs/TECH98360

    Software White-Listing Request

    https://submit.symantec.com/whitelist/isv



  • 3.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 03:30 AM

    enable application learning as per this document

    http://www.symantec.com/business/support/index?page=content&id=TECH134367

    then add this application in the exception. will be excluded irrespective of path



  • 4.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 08:35 AM

    Add the application to be monitored

    Monitoring an application to create an exception for the application



  • 5.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 10:02 PM

    I did but it did not work as I keep receiving email alerts about this risk.



  • 6.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 10:04 PM

    Rafeeq and _Brian, I am trying your method. Thanks for your reply. But what actually application learning does?



  • 7.  RE: Use SEP Manager to add exceptions

    Broadcom Employee
    Posted Jan 16, 2014 10:04 PM

    whether the policy has been taken by the clients?

    check this

    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

    http://www.symantec.com/business/support/index?page=content&id=TECH105814&locale=en_US



  • 8.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 10:05 PM

    With application monitoring, you can set an application to be monitored, once it shows up in the SEPM you can set an action for the SEP client to take such as terminate, delete, remove, etc.



  • 9.  RE: Use SEP Manager to add exceptions

    Posted Jan 16, 2014 10:08 PM

    it read all the executables....You can learn what all applications run on the end user..

     



  • 10.  RE: Use SEP Manager to add exceptions

    Posted Feb 24, 2014 09:19 PM

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

    Thanks and take care,
    Brian