Configuring Centralized Exceptions policies in Endpoint Protection Manager
Last Updated June 30, 2017
A file, folder, file extension or application needs to be excluded from being scanned by one or more features of the Symantec Endpoint Protection (SEP) client.
Such exclusions can be configured for managed SEP clients using Centralized Exceptions policies in the Symantec Endpoint Protection Manager (SEPM) console.
Centralized Exceptions policies contain exceptions for the following types of scans for Windows-based operating systems:
Scheduled and on-demand scans
Create exceptions for antivirus and antispyware scans
Follow the instructions below to make the type of exception required.
Note: Security Risk Exceptions are global, and apply to all Scheduled Scans as well as real-time Auto-Protect.
In SEPM, click Policies.
Under Policies click Exceptions.
Under Tasks click Add an Exceptions policy. This will create and open a new Centralized Exceptions Policy.
In the left pane, click Exceptions policy and select Edit the policy under Tasks.
In the policy, select Exceptions.
Click the Add button to open a drop-down menu. Move the cursor over Windows Exceptions to open a second drop-down menu.
Select one of the nine options: Application, Application to Monitor, Application Control, Extensions, File, Folder, Known Risks, Trusted Web Domain, Tamper Protection Exception.
Note: Wildcard variables such as * and ? are not supported for Known Risks, File, or Folder exceptions. The ? wildcard is supported for Extension exceptions. The Folder exceptions screen will accept * and ? but they will be treated as literal characters not wildcard variables.
For File and Folder-based exclusions, the Full Path to the file must be specified, unless a "Prefix Variable" is selected. If a "Prefix Variable" is selected, the path specified should be relative to the selected "Prefix Variable"
If you are unsure about what type of exception to make please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control".
Enter the appropriate information for the item to be excluded. For Extensions, File, and Folder exclusions, specify the type of scans that will be excluded from the drop down menu or menus.
(Optional) Repeat steps 6 through 8 to add any other Security Risk Exceptions to the policy.
Assign the policy to a group within the SEPM.
References For more information please see the chapter entitled "Configuring Centralized Exceptions Policies" in the pdf "Administration Guide for Symantec™ Endpoint Protection and Symantec Network Access Control"
Technical Information Glossary of File/Folder Prefix Variables
NAME OF PREFIX
A folder for components that are shared across applications. A typical path is C:\Program Files\Common Files
The Windows System folder. A typical path is C:\Windows\System32 or C:\WINNT\System32
The file system folder that contains the folders for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs
The file system folder that contains documents that common to all users. A typical path is C:\Documents and Settings\All Users\Documents
The Program Files folder. A typical path is C:\Program Files
The file system folder that contains files and folders that appear on the desktop for all users. A typical path is C:\Documents and Settings\All Users\Desktop
The Windows folder or SYSROOT. This corresponds to the %windir% or %SYSTEMROOT% environmental variables. A typical path is C:\Windows or C:\WINNT
The file system folder containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data
The file system folder that contains all the programs that appear in the Startup folder for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Note: Endpoint Protection does not allow the use of wildcards.
Two more Prefix variable were added in SEPM 14.0 as below:
File system folders that correspond to all the users.
The SYSTEM_DRIVE variable indicates the location where the Windows operating system is installed
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe