Tasks freeze or delay
Process usage shows coh32.exe utilizing 90-100% cpu usage for extended periods
Unknown processes are repeatedly scanned.
This can also occur if the Proactive Threat Protection Scan Frequency is set to scan new processes immediately even though the option was set to "At the default scanning frequency" at a later time. If the check mark is left for "Scan new processes immediately" it can cause processes to be scanned continuously.
Add custom scripts and applications (especially those developed by the customer in-house) to the force detection list and then add a TruScan Centralized Exception exception to ignore/log only these processes.
To force a process to be detected by TruScan so an exception can be made requires two steps: 1.) Force TruScan to detect the process. 2.) Add the appropriate exception to the detected process.
Follow the steps below by first selecting Process to force process detection, and then again, selecting Detected Processes to add the exception.
1. Log into the SEPM and click
View Policies click
Add a Centralized Exception policy... This will create and open a new Centralized Exceptions Policy.
4. In the left pane, click
5. Click the
Add button to open a drop-down menu. Move the cursor over
TruScan Proactive Threat Scan Exceptions to open a second drop-down menu.
6. Select one of the two options:
Note: if you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control". 8. Enter the appropriate information for the detected processes, or process you would like to exclude.
9. (Optional) Repeat steps 5 through 7 to add any other TruScan Proactive Threat Scan Exceptions you would like to the policy.
10. (Optional) Follow the appropriate steps under "Creating exceptions for Antivirus and antispyware scans" or "Creating exceptions for Tamper Protection scans" to add those types of exceptions to this policy.
Technical Information By default, TruScan does not automatically document unknown processes. If it cannot find a reason to white list the process or alert on the process, it merely keeps rescanning it. Forcing custom application processes to be detected will add them to the detected application list and known good/internal applications can then be excluded/white-listed.
Imported Document Id
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.