Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

What is Exception

Created: 16 Dec 2012 • Updated: 21 Dec 2012 | 6 comments
This issue has been solved. See solution.

We are using the centralized exception policy on some of the group, anyone help me to understand centralize exception and how it configure?

Regard

Ashok

Comments 6 CommentsJump to latest comment

rs_cert's picture

Centralized Exceptions Overview

You can use a centralized exceptions policy to create exceptions for antivirus and antispyware scans. You can also create exceptions for TruScan proactive threat scans or Tamper Protection.

Any exception that you include in the policy applies to all scans of the same type. For example, you might create an exception to exclude a security risk. The client software then excludes the security risk from all antivirus and from all antispyware scans on the client computers that use the policy.

Table: Overview options

Option
Description
Policy name Provides the name of the policy that includes all of the centralized exceptions
Description Enables you to type a description of the centralized exceptions to any existing policies
Group Path Shows the groups that currently use any of the centralized exceptions
Location Shows the locations that are associated with the groups that use this exception

Centralized Exceptions

Use this tab to add centralized exceptions for security risks, TruScan proactive threat scans, and Tamper Protection. You can edit or delete exceptions, and you can view exception details.

A centralized exceptions policy lets you exclude certain items from future detection. Exclude only those items that you have determined are useful in your environment. Those items must not pose a risk to the security of your network.

You can exclude the following items from antivirus and antispyware scans:
· Known security risks
· Extensions 
· Files 
· Folders

For Tamper Protection, you can exclude particular files.

For proactive threat scans, you can create the following exceptions:
· Specify an action for a known process that proactive threat scans detect.
· Force a detection of a particular process.

Note: Cannot make exceptions for a type of scan ie. scheduled, custom or on demand. They all follow the centralized exceptions.
 

Centralized Exceptions: Client Restrictions

Use this page to specify restrictions for the types of exceptions that users can add. By default, users can create any type of exception. If you de-select an exception type, the user cannot create any exception of that type.

Note: Users cannot configure Tamper Protection exceptions.

Centralized Exceptions www.symantec.com/docs/TECH104432

How to configure Centralized exceptions:

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11
SOLUTION
Chetan Savade's picture

Hi,

You configure a Centralized Exceptions Policy in the same way that you configure other types of policies.You can click Help for more information about the options that are used in the procedures.

Go through the following articles to know more about it.

Configuring a Centralized Exceptions Policy

http://www.symantec.com/docs/HOWTO27313

Creating Centralized Exception Policies in Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH104326

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/business/support/index?pag...

 About centralized exceptions for TruScan proactive threat scans

 http://www.symantec.com/docs/HOWTO27316

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

hj1979's picture

Centralized Exceptions policies contain exceptions for the following types of scans for Windows-based operating systems:

  • Antivirus and Antispyware scans
  • TruScan Proactive Threat Scans
  • Tamper Protection

http://www.symantec.com/business/support/index?page=content&id=TECH104326

rs_cert's picture

Have you tried attach above links??

If it not helpfull to you then reply otherwise mark the valid comment as solution.

consoleadmin's picture

Why Should I Use A Centralized Exceptions Policy?

There are many reasons that you might want to create a Centralized Exceptions Policy, though here are some of the most common reasons:

  1. In order to automate administrative tasks on user machines, you use tools to hide script windows while they run in the background.
  2. IT Staff use tools such as IP scanners or key loggers for legitimate administrative purposes.
  3. You'd like to control whether your users can add program or security risk exceptions themselves.

Applications and tools that assist with automated scripting, IP Scanners and KeyLoggers are often categorized as security risks by antivirus software including Symantec Endpoint Protection.   Once SEP has been installed, it will prevent any of these types of programs that it categorizes as security risks from running, and will throw them into the quarantine. 

In nearly all companies, allowing an IT department to function normally and be able to script and automate various administrative functions can be a critical time saver.   To make sure that those needed programs that are classified by SEP as security risks are still available to your users / IT staff, you'll want to create a Centralized Exceptions Policy.

How To Create A Centralized Exceptions Policy:

Centralized Exceptions Policies can be created from within Symantec Endpoint Protection Manager.   Once you've loaded it and logged in, follow these steps:

  1. Choose the Policies tab from the left-hand menu
  2. Under View Policies, select Centralized Exceptions
  3. Right-Click in the Centralized Exceptions Policies section and choose Add
  4. In the Overview of your new policy, type a name and description for your new policy (i.e.  IT Exceptions, Security Risk Exceptions for the IT Department)
  5. Next, click on Centralized Exceptions in the left menu
  6. On this screen, you'll need to add those applications that you'd like to exclude from SEP checking.   These can be Security Risks, specific files or folders or even file extensions.  To exclude one of these items, add it and choose Ignore as the action.
  7. The third option on the left menu will allow you to configure the options that allow or deny specific Policy Groups the option to create exceptions themselves.  You can choose specific types of allowed or denied exceptions if you'd prefer.
  8. Finally, Click OK.

https://www-secure.symantec.com/connect/articles/centralized-exceptions-policies-why-use-them-and-how-configure-them

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

http://www.symantec.com/business/support/index?page=content&id=TECH104326

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/business/support/index?page=content&id=TECH183201

https://www-secure.symantec.com/connect/forums/how-set-sepm-central-exception-monitor-non-exe-excutable-files

http://www.symantec.com/business/support/index?page=content&id=TECH176906

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager

 http://www.symantec.com/business/support/index?page=content&id=TECH104326

About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

http://www.symantec.com/business/support/index?page=content&id=TECH102400

SEP recognizes the Exchange server and the necessary folders and files are excluded by default.
http://www.symantec.com/docs/TECH97707

Subfolders of folders that are excluded by Automatic Exclusions for Exchange are scanned

http://www.symantec.com/business/support/index?page=content&id=TECH134854

Check this thread :

http://www.symantec.com/connect/forums/sep-121-exchnage-2010-automatic-exclusions

Thanks.

hj1979's picture

Hello

Your issue sorted or not?