As of 14.0.1, you can add exceptions for certificates individually to prevent the files that it signs from being scanned and detected as suspicious. For example, a tool that your company developed internally may use a self-signed certificate. Excluding this certificate from scans prevents Auto-Protect, Download Insight, SONAR, or other scans from detecting the files that it signs as suspicious.
The certificate exclusion supports the X.509 and base64 certificate types only. When you add a certificate exception, you need a copy of the public certificate in a DER or base64 encoded file (.cer).
Certificate exclusions are not supported for the following items:
Memory Exploit Mitigation
Proactive Threat Protection system change events
Certificate-signed files within a compressed file
The excluded certificate does not have to be installed in the certificate store on the client computer in order for the exclusion to work. In the case of a conflict between a certificate exception and a blacklist rule, the blacklist rule takes precedence.
You can only add a certificate exception through the Symantec Endpoint Protection Manager policy, not through the Symantec Endpoint Protection client interface settings.
You can only add a certificate exception in Symantec Endpoint Protection Manager if it is unenrolled from the cloud console. If Symantec Endpoint Protection Manager is enrolled, use the cloud console to add or manage a certificate exception.
To exclude a certificate from scans on Windows clients
On the Exceptions Policy page, click Exceptions.
Under Exceptions, click Add > Windows Exceptions > Certificate.
If Symantec Endpoint Protection Manager is enrolled in the cloud console, this option does not appear. Instead, add certificate exceptions in the cloud console.
Under Certificate File, click Browse to navigate to the certificate that you want to exclude, and then click OK.
Confirm that the values under Certificate Information are correct for the certificate that you want to exclude, and then click OK.
To create exceptions for more than one certificate, repeat the procedure.