You need more details about the Options in the Policies of the Symantec Endpoint Protection Manager (SEPM).
Centralized Exceptions Policy
Centralized Exceptions Overview
You can use a centralized exceptions policy to create exceptions for antivirus and antispyware scans. You can also create exceptions for TruScan proactive threat scans or Tamper Protection.
Any exception that you include in the policy applies to all scans of the same type. For example, you might create an exception to exclude a security risk. The client software then excludes the security risk from all antivirus and from all antispyware scans on the client computers that use the policy.
Table 1: Overview options
Provides the name of the policy that includes all of the centralized exceptions
Enables you to type a description of the centralized exceptions to any existing policies
Shows the groups that currently use any of the centralized exceptions
Shows the locations that are associated with the groups that use this exception
Use this tab to add centralized exceptions for security risks, TruScan proactive threat scans, and Tamper Protection. You can edit or delete exceptions, and you can view exception details.
A centralized exceptions policy lets you exclude certain items from future detection. Exclude only those items that you have determined are useful in your environment. Those items must not pose a risk to the security of your network.
You can exclude the following items from antivirus and antispyware scans:
Known security risks
For Tamper Protection, you can exclude particular files.
For proactive threat scans, you can create the following exceptions:
Specify an action for a known process that proactive threat scans detect.
Force a detection of a particular process.
Note! Cannot make exceptions for a type of scan ie. scheduled, custom or on demand. They all follow the centralized exceptions.
Centralized Exceptions: Client Restrictions
Use this page to specify restrictions for the types of exceptions that users can add. By default, users can create any type of exception. If you de-select an exception type, the user cannot create any exception of that type.