Endpoint Security/Protection agent 1,000 Auto-Protect exclusion limit on Windows
search cancel

Endpoint Security/Protection agent 1,000 Auto-Protect exclusion limit on Windows

book

Article ID: 164389

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Auto-Protect on Windows devices does not support more than 1,000 combined filename and/or file path exclusions.  As a result, one or more of the following issues may be encountered:

When using Symantec Endpoint Security (SES, cloud)

  • Allow List's which contain more than 1,000 Auto-Protect exclusions may not be excluded as expected.
  • Unable to add Auto-Protect (AP) path and/or filename exception to an Allow List policy.

You see this warning message in the Filename or Path section of the Allow List policy.

The number of combined filename and path exclusions exceeds the 1,000 maximum that Auto-Protect on Windows supports. Limit the policy to 1,000 exclusions or less.

You see this error message when trying to add an Auto-Protect item to the Allow List.

You cannot add the selected criteria because Auto-Protect for Windows does not support more than 1000 filenames and paths combined.

 

When using Symantec Endpoint Protection (SEP, on-prem)

  • Auto-Protect filename and or path exclusions are not being honored as expected.

When creating a large centralized exception policy in Symantec Endpoint Protection Manager (SEPM), you notice that several Auto-Protect exclusions fail to apply.  The following error is seen in vpdebug logs:  

<timestamp> AP Exclusion: F:\MSSQL\DATA
<timestamp> CSAVRTExclusions::AddDirectoryExclusions -- Could
not add Directory based exception!

Environment

Symantec Endpoint Security or Symantec Endpoint Protection Windows agent.

Cause

Auto-Protect (AP) on Windows devices does not support more than 1,000 combined filename and/or path exclusions in an Allow List or Exception policy.

Resolution

Allow List and Exceptions policies must be limited to 1,000 or fewer combined AP filename and/or path exclusions on Windows. 

  • Entries in the Allow List which are not AP exclusions do not have a limit.
  • The limitation does not apply to Auto Protect on Mac or Linux agents.

Additional Symantec Endpoint Security specific details

Starting March 2024 (2024.03 Refresh), adding more than 1,000 combined filename and path exclusions for Auto-Protect in an Allow List policy will be be prevented.  The restriction applies to adding exceptions directly in the policy, from the Centralized Allow List or via API.  This restriction does not apply when an exception policy is imported from a Symantec Endpoint Protection manager.

Within existing Allow List policies that exceed the limit you can add new filename or path exclusions using one of the below options:

  • Remove an existing Auto-Protect exclusion.
  • Edit an exclusion so it does not apply to Auto-Protect.