Endpoint Protection

 View Only
  • 1.  Best Practice for adding exclusions from Manager

    Posted Feb 21, 2018 02:11 PM

    I currently have my clients group populated by location. Now I have a request to create an exception, should I create a new group called Exceptions and subgroups for each exclusion?

    What is the best practice for adding exclusions through the SEPM? Is there any Symantec documentation?



  • 2.  RE: Best Practice for adding exclusions from Manager
    Best Answer

    Posted Feb 21, 2018 02:17 PM

    There are some guidelines but nothig in regards to 'best practices':

    http://www.symantec.com/docs/TECH171061

    It all comes down to how easy it is for you to manage while keeping things secure. There was a recent thread on this as well:

    https://www.symantec.com/connect/forums/best-practice-exceptions

    Is it difficult to manage multiple locations/groups and policies? If not, then you can get more granular and break them out separately. You could create the exception and apply it everything, even though the exception may only apply to one or two groups. Yes, it does open a hole but realistically this may be less tedious to manage. If you can easily manage multiple groups then break them out individually and create a specific policy for it.



  • 3.  RE: Best Practice for adding exclusions from Manager
    Best Answer

    Trusted Advisor
    Posted Feb 22, 2018 09:59 AM

    Hello,

    I believe you haven't yet created the SEPM Group structure completely.  Since you have the Groups based on Locations, you may now need to decide if the exceptions are specific to 1 single location / multiple machine with common applications and if those machines fall in the same group?

    You may check this article which would assist you in creating group structure.

    https://support.symantec.com/en_US/article.TECH134409.html

    Once you have the group structure in place, you may then start creating policies for each group.

    Check these articles on Assigning and Managing policies :   

    https://support.symantec.com/en_US/article.HOWTO80772.html

    https://support.symantec.com/en_US/article.TECH104436.html

    As for the Exception policies, check this Article:   https://support.symantec.com/en_US/article.TECH104326.html

     

    Regards,