Endpoint Protection

  • 1.  Exception for specific SEP clients in a particular group

    Posted Oct 25, 2016 06:46 AM

    Hi,

    We have SEP 12.1.6 MP5 running in our environment with 4000+ clients. There are many groups in SEPM containing clients according to the cities, e.g. Chicago, Houston, San Jose etc. In one of the groups (Boston), where we have 400+ clients, our development team members (20 to 30 clients) are also inside it. SONAR is giving them problems as it is blocking legitimate applications that they are working on. We need to disable SONAR for only development team members while other users in the Boston group should have it enabled. How can we achieve this?



  • 2.  RE: Exception for specific SEP clients in a particular group
    Best Answer

    Posted Oct 25, 2016 07:37 AM

    Create a subgroup of Boston ("Developers"), disable inheritance of this subgroup and disable SONAR.

    If you don't want a subgroup, create a new Developers group somewhere, then right-click on the Boston group, choose "Copy Policy", then right-click on "Developers" and paste the policy. Then disable SONAR in "Developers".

    In a last step, move the developers' clients into the new group.

    Be aware that in both cases changes in the Boston group don't change anything in the Developers group. 

     



  • 3.  RE: Exception for specific SEP clients in a particular group

    Posted Oct 25, 2016 09:28 AM

    Greg's suggestion is the best route to go.

    Is SEP blocking multiple apps or just one? If needed you can always add an exception as well as submit the app to Symantec for whitelisting.



  • 4.  RE: Exception for specific SEP clients in a particular group

    Posted Oct 25, 2016 10:05 AM

    I don't agree that disabling SONAR, or any other important protection, is a sound approach. Development systems are as much or even more at risk than production systems of being infected and even becoming a source of malware distribution. Additionally, you want to have developed the appropriate exceptions for your internal software for when you take it to production.

    My recommendation is:

    Create a subgroup of Boston ("Developers"), disable inheritance of this subgroup and create an alternate Centralized Exceptions Policy where specific applications are set to Ignore, and apply this policy to the group. Don't make exceptions for the folders themselves, as this is also not best practice. In this manner you will develop a solid policy that can be applied to your production environment.

    Alternately a new AV/AS policy can be created from a copy of the production policy, and SONAR set to Log mode for a very limited time in order to allow the developers to do their job while the SEP administrators do theirs and create an appropriate exceptions policy.