Endpoint Protection

Hi,  I'm running SEP12.1.6 Is it possible to exclude file level scanning on processes (.exe) ? I have a long list that I need to exclude. I think the proper way is to:

1. Open SEPM and go to policies

2. open Exceptions policie

3. click on add - windows exceptions- file

4. add the executable (.exe) example - EdgeTransport.exe

Thanks

That's correct also make sure the policy you've added it to is active in the group you want the exceptions to be applied to. Below is a link to the various scanning exceptions you can add. 

https://support.symantec.com/en_US/article.HOWTO80919.html

I have one policy for all Servers. That should be fine as far as I know.

That's fine then you're good to go :)

No, you are not good to go.

When putting an exception on an executable, you have to enter the entire drive:path as well.

Just entering the executable name is not enough.

And you cannot use wild card either. Just entering the executable name is considdered a wild card.

Example of a correct exception:

C:\Program Files\Application\ EdgeTransport.exe

*Tip: enter all your data in either lower case or upper case.

Makes sorting a lot easier.

Apparently, Symantec decided to make the sort case-sensitive.

And for the actual exception, upper or lower case makes no differense.

All explained in the link on first post John ;) 

GOOD catch, johnsnnl. Some of us need our hand held and a better explanation than just posting a link.

Thanks Johnsnnl, I didn't realize that. I guess I'm one the those people that need hand holding. Thank again

you and me both mate, luckily someone knew what's up

One more question - If I'm already excluding C:\Program Files\Application directory do I still need to exclude C:\Program Files\Application\ EdgeTransport.exe ?

Not if you have that directory excluded and have 'Include subfolders' checked (for sub-folders):

So if I have multiple exe running in C:\Program Files\Application directory I would have to list them individually or is there a way to capture all?

By excluding the entire Application directory it would capture everything. There would be no need to add additional exceptions for anything in this folder or sub-folders (if you checked the box).

Thanks all

Depends on how many executables you have.

If it is just a few, do the files.

Remember that when you eclude a directory, including sub directories, that entire directory is not scanned.

Up to you if that is exceptable.

Example: some hacker/disgruntled employee can copy some malicious executable into that directory, or the sub directories, and it will never be detected.

Therese about 30+ executable in the directory so its easier to exclude that directory then add specific paths.