Hello,
When creating group structure, it is best to keep the process as simple as possible to avoid confusion at later times. It is also helpful to remember the fact that policies apply directly to groups, not to clients. Clients will only inherit the policies of the group they are placed in.
When Symantec Endpoint Protection detects the presence of certain third-party applications and some Symantec products, it automatically creates exclusions for these files and folders. The client excludes these files and folders from all scans.
Note: The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.
To improve scan performance or reduce false positive detections, you can exclude files by adding a file or a folder exception to an Exceptions policy. You can also specify the file extensions or the folders that you want to include in a particular scan.
The client software automatically creates file and folder scan exclusions for the following Microsoft Exchange Server, Microsoft Forefront, Active Directory domain controller, Symantec products, Veritas products.
Check these Articles below:
Best Practices for Creating Client Group Structure
https://support.symantec.com/en_US/article.TECH134409.html
About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans
https://support.symantec.com/en_US/article.HOWTO80947.html
Recommended security settings for Endpoint Protection
https://support.symantec.com/en_US/article.TECH173752.html
Regards,