You would like to create a Security Risk Exception for a Symantec Endpoint Protection for Macintosh client from the SEPM.
NOTE: In SEP for Macintosh (as of SEP 11 RU6) Centralized Exceptions are honored only by AutoProtect scans.
See: Centralized Exceptions set for Macintosh clients do not seem to be respected for scheduled or manual scans
Follow the steps below to add a custom Security Risk Exception for a Mac client from the SEPM.
- Launch the Symantec Endpoint Protection Manager.
- To create a blank Centralized Exceptions policy, under the Policies view, select the Centralized Exceptions option, then click Add a Centralized Exceptions Policy. Enter a name for the policy and then click OK.
You can also modify a Centralized Exceptions policy currently in use in the group in which your Mac client (or clients) reside.
- Under Centralized Exceptions, click Add, select the Mac Exceptions then Security Risk Exception for file and Folder.
- Enter the file or folder path and then click OK. Macintosh file paths use forward slash ( / ), not backslash ( \ ). A leading forward slash is not required if a prefix is chosen. As well as the prefix choices, SEP for Macintosh supports a range of wildcard matches:
* matches zero or more characters (all characters, including slashes in a path)
? matches a single character (again, all)
[ ] matches a single character against a list and/or range of characters
^ matches a single character other than character or range following (used with [ ])
Note that subfolders are automatically part of an excluded folder, but compressed archives won't be excluded unless you add a trailing asterisk.
- To save the changes to the policy, click OK, then OK again. If this is a new policy, you will be asked to assign the policy. Assign it to the group/s in which the Mac client/s reside. It will override any Centralized Exception policy already assigned to this group.
To complete this process and exclude this file/location from real time scanning by Auto-Protect, you must also perform the additional step:
- While still in the Policies section of the SEPM, click on Antivirus and Antispyware in the left pane, then open the Antivirus and Antispyware policy in use by the group/s in which the Mac clients reside.
- In the new window that pops up, in the left pane under Mac Settings, click on File System Auto-Protect.
- Under Scan Details, under General Scan Details, click on the button next to Scan everywhere except in specified folders.
- To save the changes to the policy, click OK.
You can verify receipt of policy at the SEP for Macintosh client by turning on smc debugging, and examining the smc_debug.log, found in /Library/Application Support/Symantec/SMC/debug/
Confirm Macintosh File System AutoProtect general options by searching for ApScanOptions:
... and confirm Centralized Exception Details by searching for MacGlobalExceptionName
Prefix variables and wildcards:
[HOME] = any user's home directory (/Users/username/); applies also to the root home directory (/var/root/)
[APPLICATION] = the Applications directory = /Applications/
[LIBRARY] = /Library/
When using prefix variables, the slash after variable is unnecessary. For example, to exclude a test folder on the user's desktop:
When As well as the prefix choices, SEP for Macintosh supports a range of wildcard matches:
* (asterisk) matches zero or more characters.
? matches a single character.
NOTE: In older versions of SEP for Mac, exception wildcards would match all characters, including slashes in a file path. This would allow construction of some exceptions that allowed a broad selection of files. For example, /*.mdb would exclude the scanning of all .mdb files under all paths. As of SEP 12.1 RU6, wildcards do not match slashes and the /*.mdb example would only match .mdb files at the root of the file system. To match files at depths up to n levels, the previous example will need to be replaced with a group of n different exceptions, e.g for four levels: /*.mdb, /*/*.mdb, /*/*/*.mdb, and /*/*/*/*.mdb
Excluding ALL files in a folder and all subfolders is always done with a folder exclusion, e.g. /Users/*/UserDatabaseFiles/ will exclude all the UserDataBase files and subfolders in all user profiles. If the trailing slash is omitted, the exception will additionally match any file named "UserDatabaseFiles" in the root of user profiles.