When you say \\this-server do you mean only 1 machine?

If so, you can either put it into it's own group and add the exclusion for .7z files or you allow in the policy the ability to add exclusions locally.

Also, I would just exclude the unttmp2 folder. So set the prefix variable to [NONE] and add the absolute path C:\Documents and Settings\<user>\Local Settings\Temp\unttmp2 to the policy. It will only exclude this location, not all of %temp%

Using Virtual Desktops.

\\This-server would be a server the virtual desktops access for the users profile. Basically I want to exclude .7z files on that server.

For your second point, I'm not talkig about just one machine, or one user for that matter. Again, virtual desktops.

Adding the .7z extension is easy.

Not so much for the folder under the user profiles as the way to currently do it is by adding for each user name....not practical.

Yes, I excluded the .7z extension already, although it's a security risk. What I really want to do is to exclude it in a particular share/folder location.

I hate Symantec.

I'm wondering if someone can help me with this...

I stripped down my Symantec installation to include only AV, made exceptions, even disabled auto-protect (which disables sonar and download protection).

Yet, the mere fact that Symantec is on the machine, adds 15 seconds more to the profileunity load process.

On a machine without Symantec, it loads 15 seconds faster.

Anything I can do?

Not sure if disabling Auto Protect is a good idea - without it you have basically no "live" protection.

Have a go and open a case with Symantec, I am afraid the scope of your problem is bit above the recommendations that can be provided via forum. A lot more analysis and reproductions will be necessary to reach here any solution or workaround.

Hello,

I agree with SebastianZ's recommendation as we already aware of this Limitation. However, as much as I believe this is being considered for the Future Releases.

Check these IDEA's - 

https://www-secure.symantec.com/connect/ideas/using-system-variables-exceptions

https://www-secure.symantec.com/connect/idea/centralized-exceptions-hash-or-filename

https://www-secure.symantec.com/connect/idea/sepm-more-variables-avas-exclusions

Hope that helps!!

Good links Mithun - the issue regarding the inability to set the User profile variables in exceptions has been already reported many time. Please support the ideas listed and hopefully we will see this option added in the future.

Hi,

I know I can exclude c:\users, but that's a security risk --> I really don't think there would be a security risk.

Exception paths will not be scanned only for scheduled scan not for real time scan. Symantec should take care even though it's under exception policy.

Even though after creating exception it doesn't mean threat can easily enter/move in the user profiles.

Hah i missed out on these ideas, will vote them.

I think it's good to have a different option for Auto-Protect scan

https://www-secure.symantec.com/connect/idea/sepm-... has been active since 2009. Obviously there's no pointing in having an idea and voting for it if it's not going to be implemented.

I think I personally voted for that idea almost two years ago.

Yes, as it's mentioned in that thread, it's not something that's easy to implement, nevertheless, it SHOULD have been implemented by now!

Stupid!