Endpoint Protection

  • 1.  SEPM policy for MSSQL

    Posted Mar 05, 2012 03:42 PM

    We need to institute an exclusion policy for MSSQL servers, but it would seem that whereas the relevant MS KB article recommends excluding some dirs with auto-generated names, SEPM does not allow for wildcard matching in exception rules.

     

    Some other posts seem to suggest, however, that SEP contains exception rules for a few MS products by default, but it's unclear to me whether MSSQL is one of those products.

     

    Thus: Does SEPM automatically institute exclusion policies for MSSQL on clients running that product and, if not, how does one go about creating a sane policy?



  • 2.  RE: SEPM policy for MSSQL
    Best Answer

    Posted Mar 05, 2012 06:29 PM

    As far as I know SEP will not exclude MSSQL files automatically from scanning.

    If you want to know which folders/files are excluded from scanning on a particular system, you may refer to the registry keys as described in the KB article below:

    How to understand the file or folder exclusion in the registry by Symantec Endpoint Protection

    For creating exclusion policies you may refer to this KB:

    How to exclude MS SQL files and folders using Centralized Exceptions

     

    If each of your SQL servers uses data in different paths, you may go with file-extension-based exclusion.

    OR

    If the SQL servers keep the data files in similar paths, you may create an exclusion based on directory as well.

    Please refer to the KB below for more information regarding Centralized Exceptions.

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager



  • 3.  RE: SEPM policy for MSSQL

    Posted Mar 05, 2012 10:27 PM

    There is no automatic exclusion for SQL.

    Find the articles below from Symantec & MS; these will help you.

    http://www.symantec.com/business/support/index?page=content&id=TECH105240

    http://support.microsoft.com/kb/309422



  • 4.  RE: SEPM policy for MSSQL

    Posted Mar 05, 2012 10:29 PM

    Hello,

    You can check out the document below as well:

    Can Symantec AntiVirus or Symantec Endpoint Protection scan a MS SQL database?

    http://www.symantec.com/business/support/index?page=content&id=TECH100129&actp=search&viewlocale=en_US&searchid=1331004410942



  • 5.  RE: SEPM policy for MSSQL

    Posted Mar 05, 2012 11:51 PM

    What I'm *specifically* referring to is the example of excluding ...\MSSQL.1\..., which neatly answers my other question of whether "instance name" is predictable as it seems to be normal counting, but since we have customers that are responsible for their own machines, but rely on us for AV, we will have no control over whether more than one instance is run on a specific server, and cannot just make policies on a per-server basis. When can we expect wildcard match functionality?
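
For the multi-instance case raised in the post above, one way to see which instance directories actually exist on a server before writing directory exceptions. This is an added example, not part of the thread and not Symantec tooling; it assumes the registry layout that SQL Server setup normally creates and is run locally on the server.

```powershell
# Added example: enumerate SQL Server instances on this host and print the
# directories a per-host exception list would need to cover.
# Assumption: SQL Server setup registered its instances under the keys below.
# 32-bit instances on 64-bit Windows are registered under Wow6432Node instead.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server'
)

$found = foreach ($root in $roots) {
    $namesKey = Join-Path $root 'Instance Names\SQL'
    if (-not (Test-Path $namesKey)) { continue }

    $key = Get-Item -Path $namesKey
    foreach ($instanceName in $key.GetValueNames()) {
        # The value data is the instance ID, which is also the folder name (e.g. MSSQL.1)
        $instanceId = $key.GetValue($instanceName)
        $setup = Get-ItemProperty -Path (Join-Path $root "$instanceId\Setup") -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            InstanceName = $instanceName
            InstanceId   = $instanceId
            DataRoot     = $setup.SQLDataRoot   # empty if the Setup key is missing
        }
    }
}

if (-not $found) {
    Write-Warning "No SQL Server database engine instances found on $env:COMPUTERNAME"
} else {
    $found | Sort-Object InstanceId | Format-Table -AutoSize
    if (@($found).Count -gt 1) {
        Write-Warning 'More than one instance: an exception for a single MSSQL.n directory does not cover this host.'
    }
}
```

DataRoot is the instance's default location; databases created with explicit file paths can live elsewhere, which is the situation the file-extension-based exclusion in the best answer addresses.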



  • 6.  RE: SEPM policy for MSSQL

    Posted Mar 06, 2012 05:04 AM

    When you have a doubt about manual or auto-exclusion, just check in the client registry to see if rules are applied:

    http://www.symantec.com/docs/TECH105814



  • 7.  RE: SEPM policy for MSSQL

    Posted Mar 07, 2012 04:04 AM

    Marked the first answer as solution, but each post was helpful, so thank you all.



  • 8.  RE: SEPM policy for MSSQL

    Posted Mar 09, 2012 05:34 PM

    Hi Sune,

    A product enhancement request for the same is present in the idea section of this forum. You may also vote for it.

    Wildcards for Centralized Exceptions for Endpoint Protection