
What exceptions exist by default in SEP 12.1?

Created: 25 Jan 2013 • Updated: 25 Jan 2013 | 6 comments
This issue has been solved. See solution.

I'm setting up a new SEP 12.1 management server and looking at an old SEP 11 server as a model for this one. The person who set up the old SEP 11 server has lengthy exceptions policies with items like pagefile.sys and other miscellaneous Windows files in addition to the \spool folder and %[WINDOWS]%\system32\dhcp. He also has the Symantec files like rtvscan.exe listed. Additionally, Exchange info store items like X:\Exchange\mdbdata and other Exchange folders. He attempted to except MS SQL folders with wildcards too.

All of this makes me wonder - isn't SEP supposed to be intelligent enough NOT to scan certain Windows processes and its own executable files?  If so, is there a list of what is excluded from scanning so that I don't have to add such items to an exception policy?

Many thanks,
Mark


Mithun Sanghavi's picture

Hello,

Check these Articles:

About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

http://www.symantec.com/docs/TECH102400

About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

http://www.symantec.com/docs/HOWTO55233

Hope that helps!!

 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
.Brian's picture

See this

 

About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

Article: TECH102400 | Created: 2007-01-02 | Updated: 2013-01-04 | Article URL: http://www.symantec.com/docs/TECH102400
 

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

saturnnights's picture

Thanks for the links - those were very helpful!  I had thought that SEP would exclude those locations and processes.

What about Windows files and processes?  Should I really exclude the pagefile.sys and other basic Windows files?  That seems like another category of items that SEP is probably smart enough not to mess around with?

 

Thanks,
Mark

.Brian's picture

No Windows files or processes are excluded by default.

You shouldn't have to worry about these and SEP causing an issue.

 


Mithun Sanghavi's picture

Hello,

The client automatically creates file and folder exclusions for the Active Directory domain controller database, logs, and working files. The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.

For each type of administrator-defined scan or Auto-Protect, you can select files to include by extension. For administrator-defined scans, you can also select files to include by folder. For example, you can specify that a scheduled scan only scans certain extensions and that Auto-Protect scans all extensions.

For executable files and Microsoft Office files, Auto-Protect can determine a file's type even if a virus changes the file's extension.

By default Symantec Endpoint Protection scans all extensions and folders. Any extensions or folders that you deselect are excluded from that particular scan.

Symantec does not recommend that you exclude any extensions from scans. If you decide to exclude files by extension and any Microsoft folders, however, you should consider the amount of protection that your network requires. You should also consider the amount of time and resources that your client computers require to complete the scans.

NOTE: Any file extensions that you exclude from Auto-Protect scans of the file system are also excluded from Download Insight. If you are running Download Insight, you should include extensions for common programs and documents in the list of extensions that you want to scan. You should also make sure that you scan .msi files.

Reference: 

About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

http://www.symantec.com/docs/HOWTO55233

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3


saturnnights's picture

This is all VERY helpful - gives me a good idea how to proceed with the new server.

Thanks for all of your help!

 

Mark
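
A triage helper for a legacy exception list like the one described in this thread, as an added example that is not part of any post here and is not Symantec code. The keyword patterns, the sample SQL path and every extension other than .msi are assumptions; "likely-redundant" only means the entry should be checked against TECH102400 and HOWTO55233 before it is dropped.

```python
import re

# Assumed keyword heuristics (NOT Symantec's actual exclusion list). They map a
# legacy entry to a category the thread says SEP 12.1 excludes automatically.
AUTO_CATEGORIES = {
    "Symantec product files": re.compile(r"\\symantec\\|rtvscan\.exe$", re.I),
    "Microsoft Exchange": re.compile(r"\\exchange\\|\\mdbdata", re.I),
    "Active Directory database/logs": re.compile(r"\\ntds(\\|$)|ntds\.dit$", re.I),
}
# Per the thread, no Windows files or processes are excluded by default.
WINDOWS_ITEM = re.compile(r"pagefile\.sys$|\[windows\]|\[system\]|\\windows\\", re.I)
# Extensions that should stay scanned so Download Insight still covers them.
# Only .msi is named in the thread; the others are assumed "common" types.
DOWNLOAD_INSIGHT_EXTS = {"msi", "exe", "dll", "doc", "docx", "xls", "xlsx", "pdf"}


def triage_path(entry):
    """Return (bucket, reason) for one file or folder exception entry."""
    e = entry.strip()
    if "*" in e or "?" in e:
        return ("review-wildcard", "wildcards can exclude more than intended")
    for category, pattern in AUTO_CATEGORIES.items():
        if pattern.search(e):
            return ("likely-redundant", "auto-excluded category: " + category)
    if WINDOWS_ITEM.search(e):
        return ("windows-not-default", "not excluded by default; justify or drop")
    return ("keep-review", "no rule matched; confirm it is still needed")


def triage(entries):
    """Group every entry of a legacy list by bucket."""
    buckets = {}
    for entry in entries:
        bucket, reason = triage_path(entry)
        buckets.setdefault(bucket, []).append((entry, reason))
    return buckets


def risky_extensions(excluded):
    """Excluded extensions that would also be skipped by Download Insight."""
    return sorted({x.lower().lstrip(".") for x in excluded} & DOWNLOAD_INSIGHT_EXTS)


if __name__ == "__main__":
    # Constructed sample built from the items named in the question.
    legacy = ["pagefile.sys", r"%[WINDOWS]%\system32\dhcp", "rtvscan.exe",
              r"X:\Exchange\mdbdata", r"D:\MSSQL\*\Data\*.mdf"]
    for bucket, items in triage(legacy).items():
        for entry, reason in items:
            print(f"{bucket:20} {entry:32} {reason}")
    print("extensions to keep scanning:", risky_extensions([".MSI", "tmp", "Docx"]))
```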