Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP Exclusions - Have an allow list

Created: 03 Jun 2013 • Updated: 28 Oct 2013 | 6 comments
abromens's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote
Status: In Review

SEPM Policy/SEP Client – for exclusions – would be nice to have an Allow option within the SEPM policies for Exclusions – to be able to set an option to allow users/admins to view exclusions that are set by the exclusion policy when on the SEP client console to help in troubleshooting client/application issues.  Users/Admins wouldn’t be able to change those exclusions – but would be nice to view them.

Comments 6 CommentsJump to latest comment

Elisha's picture

Thanks for the suggestion.  What is the use case for this?  Why do your users need to be able to see the exclusions?

-2
Login to vote
Rick Wall's picture

- Why do your users need to be able to see the exclusions? -

This is a feature request we have been asking for, for years.  In larger companies, there are groups of employees - that you could refer to as application owners; SharePoint, SQL, Oracle, Hyperion, SCOM, SCCM, domain controlers... that are responsible for the operations of those servers.  That includes the proper use of file and folder exceptions from the file scanning of any AV product installed on those servers.  The application vendor recommends certain exceptions, so they come to us to put those exceptions in place on their particular servers.  So we do that work, put the exceptions in place, but they have no way to check to make sure that the exceptions are in place, other than to dig deep into the registry on the server to find the Symantec registry entries that have each exception.  This is NOT optimal!  Understand that we never want them to be able to change them, only view what we have put in place.

Imagine the circumstance of an application server owner who's application is suddenly showing extreme signs of slow down (happens regularly) and they want to as part of normal troubleshooting, want to verify that this particular server has the right AV exclusions in place.  They have no easy way to do this!  So this is just a simple feature request to Symantec to allow a policy option to raise to the SEP client UI, the exceptions in place on any endpoint!  Pretty simple!  But no one has ever listened...  Frustrating!

-2
Login to vote
Elisha's picture

Hello Rick, thanks for your comments.  I will add this to our feature list for review in a future version of SEP.

-1
Login to vote
abromens's picture

Yes - the main use for this case is troubleshooting, (without having to dig into the registry or use a seperate tool to read the policies on the client).  In our case - we probably wouldn't see this allow option for workstations - but would set it for servers so that server admins can see the exclusions without having to contact our SEP support team, etc.

-1
Login to vote
Elisha's picture

Ok, understood.  It sounds like this is mainly applicable to servers and not desktops/laptops.

I know it is not ideal, but you can see the exclusions via the registry under the following paths:

64bit:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

32bit:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions
-1
Login to vote
abromens's picture

Right - we're aware of that - but we don't want to go searching for that everytime, nor train new server administrators, etc. - where to look.  Everyone assumes by default you can just see it under the SEP Client console, (after all - it's a setting like everything else).  Having the ability to control whether users can see it or not should be something that is available and controlled by the SEP administrators.  Thanks!

-1
Login to vote