In the Symantec Endpoint Protection Manager, you have configured Centralized Exceptions for Macintosh clients. You find that the exclusions appear to hold for Auto Protect, but not for scheduled, manual or mount scans.
- Exclusion set per Symantec documentation (Centralized Exception Policy and Antivirus/Antispyware policy)
- EICAR test string is not intercepted when saved to an excluded directory
- However, other scans--manual, scheduled, contextual--pick the file up.
This is expected behavior. Centralized Exceptions do not apply to manual scans (launched manually, by schedule, or by the "Mount Scan" feature); they work only for AutoProtect. This is leftover behavior from Symantec Antivirus for Macintosh (SAV for Mac), where "SafeZones" applied only to AutoProtect. Macintosh scans that are scheduled from the SEPM are also an "all-or-nothing" proposition; you cannot work around the exceptions shortcoming by scheduling a selective scan from the SEPM.
A more customizable way of running manual or scheduled scans on SEP for Macintosh is to use the Symantec Scheduler (SEP Client GUI, Utilities menu->Symantec Scheduler) or the NAVX command line. These tools must be run locally on the SEP for Macintosh client and are not configurable from the SEPM:
- Command line switches and use of NAVX command line utility for SAV/SEP for Macintosh
- Guide to symsched Command-line Switches
Related article: 'How to create a Security Risk Exception for a Mac client from the Symantec Endpoint Protection Manager (SEPM)'