(SEPM) More variables for AV/AS Exclusions
Updated: 29 Jan 2010 | 34 comments
Status:
Reviewed
The variable for the current user's profile (Documents and Settings...) is currently unavailable when creating file and folder exclusions in Centralized Exception policies.
I know that this variable exists, as many programs (Internet Explorer, Firefox et al.) use it; it stands to reason that exclusions may need to be made there.
Comments
why
why not just put in the full path?
This is why
If I put in an exception for docs and settings\scuba steve\local settings\fun program.exe and zoidberg logs on, AV will still trigger on docs and settings\zoidberg\local settings\fun program.exe.
I see now.
I see what you are saying now. Yes, having the %userprofile% variable for our exclusions seems to be a pretty important option actually.
I have worked with customers that require these exclusions
I think adding a %userprofile% variable is critical
Good idea. In fact this is an
Good idea. In fact this is an urgent requirement.
Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind
Yes, this is a major
Yes, this is a major oversight in an enterprise environment.
Hi
Critical exclusion
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Yes, the %userprofile% variable is necessary
very important for our company...
I now have a customer with
I now have a customer with 10's of thousands of users that he needs to make an exception for in all of their profiles. This needs to be changed immediately.
Where is product management with this?
I have now 2 customers that
I have now 2 customers that really need exclusions for user's profile. This is especially important on citrix/ESX/etc environments.
This is also critical for us,
This is also critical for us, not just for centralized exceptions but also for firewall rules. Can we expect this anytime soon Symantec...?
This is critical, have to get rid of SEP
I have been asked to move to another security product. This is going to affect a March roll-out we have scheduled. Symantec support has given no workarounds for me to centrally exclude a directory from the %userprofile%. Without this exclusion for all workstations, we can no longer use SEP.
I don't understand how this
I don't understand how this gets overlooked. There should at least be a way of excluding a specific filename without specifying a full path. That way I could exclude certain files from being scanned from user profiles.
RU6a
Is there anything done regarding this in RU6a?
Excerpt, Terminal Server and Citrix Best Practices White Paper
Adding some food for thought to this thread:
Symantec's white paper on Terminal Servers makes mention of profiles. The full .pdf can be downloaded from http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008112414453348
"Some server administrators may wish to exclude their users roaming profiles and/or “My Documents” folders from being scanned for security risks. While this will improve performance, Symantec would not recommend this approach – in practice this is generally the location in which security risks are discovered."
Thanks and best regards,
Mick
This would be an important improvement
I have several customers on Citrix that would be happy for this, even though Symantec does not recommend it. For many customers, it would be important to exclude directories like m:\documents and settings\%username%\Application Data\<application>\<subfolder>.
So, I would not only want the %userprofile% variable, but also %user%.
We are also looking to
We are also looking to exclude subdirectories of the users' folders, namely My Documents. This seems like it should be a simple fix and could be released with a patch. Shouldn't it be up to the admins to decide what is secure for their network?
i totally agree with you
I totally agree with you Altair. Give us the option!!!
And while they're at it, maybe Symantec could include some other filters they have built into their Backup Exec product?
for example:
%temp% %wintemp% %webtemp% %recycled% %currentuserprofile% %currentusermydocs%
Has anything happened about
Has anything happened about this? I need some exceptions for folders and files within roaming profiles.
Extremely urgent for our hospital
The cache of a graphical medical application resides under the Application Data (XP) or AppData folder (Win7) and we need to exclude it for some 15,000 users on 10,000 machines. Either SEP needs to add the functionality for all Windows OS variables as Oivin mentioned above or at least add the Current User profile to the list. I suggest allowing all Windows variables but will settle for Current User. Thanks!
This thread is also pushing
This thread is also pushing for something similar but has fewer votes. I'm voting for everything hoping to get the developers' attention:
https://www-secure.symantec.com/connect/idea/centr...
Need ability to exclude a user temp folder
We have an application which creates a folder structure inside each user temp folder. We are experiencing performance issues and it is recommended by the application vendor to exclude this temp folder from all virus scanning. How are we able to provide a solution?
Hi, I need custom prefix variable
Hi,
I use the version SEPM 12.1.671.4971
How to exclude a directory like "c:\documents and settings\%username%\temp" ?
How can I define custom prefix variable ?
Thanks and best regards, Christoph
We are looking into what we
We are looking into what we can do here.
%USERPROFILE% is actually harder to implement than you would think, as it means every time the user logs on we would have to dynamically enumerate the user and create the exception. Then, what happens when there is no user logged on, but scans and AV are still running? This gets even more interesting when you understand that our drivers are kernel based, so we need user mode code to help us determine what %USERPROFILE% is.
We believe the better route forward here is to use wildcards in pathnames. So, for example, C:\Users\*\Temp would match any user profile on the server or client, whether they are logged in or out.
Thoughts?
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
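The wildcard approach proposed in the post above, as an added example (not part of the thread and not Symantec's code): a matcher for exclusion patterns such as C:\Users\*\Temp, run over constructed paths to show what a pattern does and does not cover. The meaning given to * and ?, the function names and the sample paths are assumptions, not SEP's documented behaviour.

```python
import ntpath
import re

def compile_exclusion(pattern):
    """Compile an exclusion pattern into a regex.

    Assumed semantics (not SEP's documented behaviour):
      *  one or more characters inside a single path component
      ?  exactly one character inside a component
      the exclusion covers the named item and everything beneath it
      matching is case-insensitive, as Windows paths are
    """
    parts = []
    for ch in pattern.rstrip("\\"):
        if ch == "*":
            parts.append(r"[^\\]+")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"(\\.*)?", re.IGNORECASE)

def is_excluded(path, patterns):
    # Normalise first so "Temp\..\Documents" cannot ride on a Temp exclusion.
    normalized = ntpath.normpath(path)
    return any(compile_exclusion(p).fullmatch(normalized) for p in patterns)

def audit(paths, patterns):
    """Map each path to True (skipped by the scanner) or False (scanned)."""
    return {p: is_excluded(p, patterns) for p in paths}

# Constructed sample paths, not taken from any real system.
SAMPLE_PATHS = [
    r"C:\Users\alice\Temp\cache\a.dll",          # inside the excluded folder
    r"c:\users\BOB\temp",                        # other profile, other case
    r"C:\Users\alice\Documents\a.exe",           # outside the exclusion
    r"C:\Users\alice\Temp\..\Documents\a.exe",   # traversal out of Temp
    r"C:\Users\alice\sub\Temp\a.dll",            # * spans one component only
    r"C:\Users\bob\Temporary\a.dll",             # name merely starts with Temp
]

if __name__ == "__main__":
    for path, skipped in audit(SAMPLE_PATHS, [r"C:\Users\*\Temp"]).items():
        print(f"{'EXCLUDED' if skipped else 'scanned ':9} {path}")
```

Running an audit like this over a file listing before deploying a wildcard exclusion shows exactly which locations would stop being scanned.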
Good suggestion, I agree with
Good suggestion, I agree with that.
What are the Symantec Endpoint Protection (SEP) versions released officially?
https://www-secure.symantec.com/connect/articles/w...
I agree with wildcards.
Paul, I completely agree with the wildcards in exceptions. This would avoid the issue that %USERPROFILE% doesn't exist until a user logs in. There is even another idea post for wildcards. I'm not sure if supporting regular expression would be preferred, but certainly the use of * and ? would be most useful.
SEP 12 Wildcard addition Critical
I think Paul M's comments are correct about wildcards.
We will need this functionality or some other work around for the exception process in SEP 12.
I am not going to sugar coat it, deficiencies like this are the reason we only signed a 1 extension with Symantec.
I've just started rolling out
I've just started rolling out the 12.1 client and it's picked up one app's DLLs as problem files. The location is in the user profile's folders. I have a few hundred people that this is affecting and can't add an exception for each user as that's totally absurd.
Until Symantec take a look at the files and OK them, this is indeed a critical issue.
The wildcard idea looks good, as long as there's a way to put a path in that covers all the subfolders in a userprofile then I'd be happy.
<- it's a face and it's happy
Wildcard and Java
I think Wildcard won't be implemented due to restriction from Java, which SEPM is using.
Yahya - That's kinda funny.
Yahya - That's kinda funny. SEP uses Java but every day I see the firewall blocking Java download requests from the Java application. At first I was suspicious of the firewall activity but it looks to me like Java auto updates cannot run because the file downloads are blocked. I can imagine someone at Symantec saying, "The client will be okay. It'll download the Java update and everything will be fine."
BUT, that's not why I'm here.
We need the ability to block variable filenames like BITxxx.tmp, WITHOUT a specific path, so SEP will stop tagging our SCCM downloads as malicious. Apparently the scanning technology doing this is Suspicious.Cloud
Comments?
SCCM downloads
Lawson, you may want to look at configuring a trusted web domain. Please create a new thread or case if you still need help with this.
Excluding a trusted Web domain from scans: http://www.symantec.com/docs/HOWTO55211
wildcards
Does anybody know, if and when exceptions with wildcards are possible?
We need to exclude one foldername (on any drive, any subdir, any junction).
Till now, we have to enter every possible absolute path.