Endpoint Protection

 View Only

  • 1.  verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 07:49 AM

    Hi.

    I have a cluster of VDI with latest version Sysmantec End Point , and the antivirus department confirm that the exceptions are applied.

    I have fallen many incidents of cluster nodes , Can exceptions be implemented but are not in the registry?

    regards and thank you very much



  • 2.  RE: verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 07:51 AM

    when exceptions are made they will be entered in the registry, if you are on 64 bit machine make sureyou check the right path folder.check this document

    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory



  • 3.  RE: verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 08:07 AM

    Hi, 

    Agree with Rafeeq, you can see it via registry or also run the symhelp and find out what are the exceptions.

    Regards

    Ajin



  • 4.  RE: verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 08:20 AM

    Thank you for the quick answer



  • 5.  RE: verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 08:36 AM

    is it possible be applied and don´t see in the register nodes?



  • 6.  RE: verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 08:40 AM

    Assuming you have the correct permissions to view the registry, you will see them.

    Has the policy change taken affect on the client? Once the policy updates with the new exceptions, you will see them in the registry as described above.



  • 7.  RE: verify that all exceptions on an Endpoint client are applied

    Posted Jun 24, 2013 08:48 AM

    It will always be in registry.... on what machine you are checking ? are you checking user defined exceptions are exceptions defined by Admins from SEPM?



  • 8.  RE: verify that all exceptions on an Endpoint client are applied

    Broadcom Employee
    Posted Jun 24, 2013 12:56 PM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your question.

    Are you talking about specific exception which you are not able to see in registry?

    OR

    None of the exception you are not able to see in the registry?

    I think you won't see tamper protection exceptions in the registry.



  • 9.  RE: verify that all exceptions on an Endpoint client are applied

    Trusted Advisor
    Posted Jun 24, 2013 01:35 PM

    Hello,

    In case you are running SEP 11.x, you can check the below article:

    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

    http://www.symantec.com/docs/TECH105814

    However, In case you are running SEP 12.x, I would suggest you to check this Article:

    Verifying SEP Exceptions for Windows Server 2008 and Windows Server 2003 Domain Controllers

    http://www.symantec.com/docs/TECH96048

    and

    Also check these steps as provided below:

    Check the registry :-

    FOR 32Bit :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\FileName

    \Admin and \Client

    v.Extensions

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Extensions\

    \Admin and \Client

    FOR 64Bit :-

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

    \FileExceptions and \NoScanDir

    \Admin and \Client

    Secondly, In VDI environment, there are other ways to create exceptions, check this Thread:

    https://www-secure.symantec.com/connect/forums/virtual-image-exception-tool

    Hope that helps!!