Unfortunately, Symantec does not provide any mechanism for using a UNC when creating a custom exclusion.
This is ridiculous, we are in 2016! UNC pathes isn't the new thing of the year. How is it possible that a business program isn't supporting somthing so fundamental. Can't believe it, UNC pathes are used almost among any business network for 10s of years!
Is the file flagged by SEP on the server - and is it truly a false positive?
The file is not flagged by SEP on the server because there is an exclusion for the Server already. Before that, it was flagged. And it is truly a false positive. It is part of the ERP software solution we use and it is recognized as Heur.AdvML.B and we have checked this multiple times even with the developer.
Have you created a rule to exclude it on the server - and what are the results?
Yes see answer above.
I'm going to suggest that you copy the file to a specific location on the client and write the exclusion for it as a test.
Testing that right now. I will write another post if this works or not.
Additional information:
The odd thing is that on some of our client computers the exe-file we are talking about (in the network path) is NOT recognized as a virus. All is working fine here. I checkt the software versions and virus definitions they are all the same (newest). I checked the policy, all computers belong to the same policy in SEP. I reinstalled SEP on the problematic computers without changing the result. These computers are completly mirrors, same set of software, same settings, same SEP policy.
This looks not very trustworthy to me when SEP finds a virus sometimes and sometimes it does not. Another thing is that right after reboot I can run the ERP software. But if I wait a minute after reboot and then run the ERP, it is killed by SEP. This can't be an acceptable behaviour.