Excluding a trusted web domain from scans on Windows clients
Last Updated April 24, 2019
You can exclude a web domain from virus and spyware scans and from SONAR. When you exclude a trusted web domain, any file that the user downloads from any location within that domain is always allowed. However, Auto-Protect and other defined scans still scan the file.
By default, Download Insight excludes the websites that appear on the Internet Trusted Sites list through Internet Explorer > Tools > Internet Options > Security. You can configure this setting from the Download Insight settings in the Virus and Spyware Protection policy.
If Download Insight or Auto-Protect is disabled, trusted web domain exceptions are also disabled.
You should use caution when you configure exceptions. Every exception that you create lowers the security profile of the computer. Consider submitting any suspected false positives for examination rather than opening a permanent scan exclusion. Always use the multiple layers of protection that Symantec Endpoint Protection provides.
Follow these guidelines when you create a web domain exception:
You must enter a single domain as a URL or an IP address when you specify a trusted web domain exception. You can specify only one domain at a time.
Port numbers are not supported.
When you specify a URL, the exception uses only the domain name portion of a URL. You can prepend the URL with either HTTP or HTTPS (case-insensitive), but the exception applies to both protocols.
When you specify an IP address, the exception applies to both the specified IP address and its corresponding host name. If a user navigates to a location through its URL, Symantec Endpoint Protection resolves the host name to the IP address and applies the exception. You can prepend the IP address only with HTTP (case-insensitive).
Both Download Insight and SONAR exclude the domain regardless of whether a user navigates to the domain through HTTP or HTTPS.
For an FTP location, you must specify an IP address. FTP URLs are not supported.
The wildcard * is supported for use with exceptions for trusted web domains.
(As of version 12.1.6)
Versions earlier than 12.1 RU2 do not support HTTPS or FTP IP addresses.
To exclude a trusted web domain from scans on Windows clients
On the Exceptions Policy page, click Add > Windows Exceptions > Trusted Web Domain.
In the Add Trusted Web Domain Exception dialog box, enter the domain name or IP address that you want to exclude.
Repeat the procedure to add more web domain exceptions.