Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Allow wildcards in File Exclusions

Created: 16 May 2012 | 1 comment
OliveS's picture
6 Agree
0 Disagree
+6 6 Votes
Login to vote

To comply with Microsoft's recommended exclusions for domain controllers, wildcards within file exclusions are necessary and folder exclusion is not recommended.  For example, excluding the SYSVOL folder on domain controllers would allow any malicious file copied into that folder to be automatically replicated to all domain controllers in the environment. 

 

We do not install our SYSVOL folder to the default location, which requires us to make file exclusions.  http://support.microsoft.com/kb/822158 has the recommended actions to take.

 

Because this feature does not exist in SEPM, we cannot meet the best practices recommended by MS for scanning domain controllers and hinder performance.  To not affect performance, we have to exclude all of the SYSVOL directory...lowering the security posture of all our domain controllers in the environment...not a great limitation to have with our security endpoint software.

 

Is this enhancement scheduled for a later release? 

 

 

Comments 1 CommentJump to latest comment

tmmiller's picture

Bumping this to the top as I submitted another request on this today.  This request was found almost 30 pages deep.

0
Login to vote