Endpoint Protection

  • 1.  how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 04:45 PM
    I understand that I can exclude a folder or a file from being scanned via the policy in the management console or in client configuration, but how do I exclude a group of files with the same extension in the %windir%\security folder?
    This is per http://support.microsoft.com/kb/822158

    *.edb
    *.sdb
    *.log
    *.chk

  • 2.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 04:56 PM
    You can add a Security Risk Exception exclusion in the Centralised Exceptions policy.
    edb and sdb are database files for which exclusions are recommended. However, an exclusion for .log and .chk would not be recommended globally.

    So you'll have to make file and folder exceptions, e.g.:

    %windir%\security\EDB.log
    %windir%\security\EDB.chk
    windows\security\database\Security.sdb
    %allusersprofile%\NTUser.pol
    %Systemroot%\system32\GroupPolicy\registry.pol



  • 3.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 05:00 PM
    About the automatic exclusion of files and folders
    The client software automatically detects the presence of certain third-party applications and Symantec products. After it detects them, it creates exclusions for these files and folders. The client excludes these files and folders from all antivirus and antispyware scans.
     
    The client software automatically creates exclusions for the following items:
    ■ Microsoft Exchange
    ■ Active Directory domain controller
    ■ Certain Symantec products
     
    Note: To see the exclusions that the client creates on 32-bit computers, you can examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions registry. You must not edit this registry directly. On 64-bit computers, look in HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SymantecEndpoint Protection\AV\Exclusion


  • 4.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 05:05 PM

    I did not say I want to exclude *.edb, *.sdb, *.log and *.chk from scanning on the entire hard drive; I just want them excluded in %windir%\security.

    This was possible to set up in the Corp version of Antivirus.



  • 5.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 05:11 PM
    Well, in SEP you can exclude either a file, a directory or an extension;
    there isn't an option for excluding extensions in a folder.
    So here you will have to exclude either the %windir%\security folder or all the edb, sdb, log and chk files one by one.


  • 6.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 05:14 PM
    [Image attachment: excp.JPG]


  • 7.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 05:44 PM
    We really need the ability to exclude files via wildcards within a directory. This is mainly due to the sequenced creation of log files.
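
For the one-by-one approach described in the replies above, and the sequenced log files mentioned here, the following PowerShell script (an added example, not part of the original thread and not Symantec code) lists the files under %windir%\security that would each need an individual file exception and compares them with a saved list of exceptions already entered in the policy. The function names and the state-file path C:\Temp\sep-exceptions.txt are assumptions.

```powershell
# Added example: find files that need individual SEP file exceptions.
# Folder and extensions come from the thread; function names and the
# state-file path are assumptions. Run elevated so the folder is readable.
function Get-ExclusionCandidates {
    param(
        [string]   $Folder     = (Join-Path $env:windir 'security'),
        [string[]] $Extensions = @('.edb', '.sdb', '.log', '.chk')
    )
    # -Recurse also covers subfolders such as security\database.
    Get-ChildItem -LiteralPath $Folder -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object { $_.FullName } |
        Sort-Object
}

function Compare-ExclusionList {
    param(
        [string[]] $Current,
        [string]   $StateFile   # hypothetical file: one already-excepted path per line
    )
    $known = @()
    if (Test-Path -LiteralPath $StateFile) {
        $known = @(Get-Content -LiteralPath $StateFile)
    }
    # Files on disk with no exception yet (for example a newly sequenced log).
    $missing = @($Current | Where-Object { $known -notcontains $_ })
    # Exceptions whose file is gone; each one is a scan blind spot to retire.
    $stale   = @($known | Where-Object { $Current -notcontains $_ })
    [pscustomobject]@{ Missing = $missing; Stale = $stale }
}

$current = @(Get-ExclusionCandidates)
$report  = Compare-ExclusionList -Current $current -StateFile 'C:\Temp\sep-exceptions.txt'
$report.Missing | ForEach-Object { "ADD    $_" }
$report.Stale   | ForEach-Object { "REMOVE $_" }
```

Rerunning the script after the policy is updated shows whether new sequenced files have appeared since the last pass.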


  • 8.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Sep 30, 2009 05:59 PM

    derekz29, I am 100% with you on that.

    Symantec, when should we see this feature implemented?



  • 9.  RE: how to exclude a group of files from scanning in SEP ?
    Best Answer

    Posted Sep 30, 2009 06:04 PM
     I would like you to create an IDEA for this issue.
    https://www-secure.symantec.com/connect/security/ideas


  • 10.  RE: how to exclude a group of files from scanning in SEP ?

    Posted Dec 21, 2009 04:07 PM
    I agree, the ability to use wildcards within folders for exclusions would be very helpful, especially in using the exclusions in the MS document (822158) that Symantec specifically recommended regarding exclusions.

    Another related question.  That same document references a Windows variable, %allusersprofile% which doesn't seem to exist as a prefix within SEPM for creating an exclusion.  Can I choose a prefix of [NONE] and use the variable within the path,

    [NONE] | %allusersprofile%NTUser.pol

    in order to exclude the GP user registry information?  Will this work, or is there a way to add additional prefixes?

    Thanks!

    Mark