Manually configure scan exceptions on Symantec Endpoint Protection (SEP) for Linux from the command line interface.
Exceptions can be configured from the command line in SEP for Linux by using the symcfg tool. This tool must be run as root. For the most up-to-date documentation on symcfg, please refer to the SEP for Linux Client Guide. These instructions apply to a managed or unmanaged client. Exceptions that are set this way are not overwritten by the Symantec Endpoint Protection Manager (SEPM); they will be used in addition to any exceptions from the SEPM.
Scan exceptions in SEP for Linux are case sensitive, and use forward slashes instead of back slashes as in Windows paths. Conventional wildcards (*,?) are supported as of SEP version 14.2 RU1. You can also specify general exceptions for file extensions like .txt, .html, etc.
Directory exceptions for real time scans
To enable directory exceptions -- Note: Back slashes are used in the configuration key (-k) specification:
WARNING: HaveExceptionFiles=0 will also disable file extension exceptions; to disable file exceptions without affection file extension exceptions, delete the HaveExceptionFiles value rather than setting it to zero:
Note that the entire list of excluded extensions are specified in one command, as opposed to file and directory exceptions. So, if you need to remove or add a single extension, re-execute the command with the modified list.
Exceptions for scans other than real time
The commands are identical to the ones above, but Storages\FileSystem\RealTimeScan is replaced with the following:
LocalScans\ManualScan for exceptions that are applied to all manual scans.
Custom Tasks\[ScanID] e.g. "Custom Tasks\MySchedScan" for exceptions that are applied to local scan named "MySchedScan". NOTE there is a space in "Custom Tasks". Also, scheduling and exceptions for an admin scan can only be configured at the SEPM. Use the "sav scheduledscan --list" command line to see a list of scheduled scans, names, and which are admin or local. The sav man page describes options for creating local scans using the "sav scheduledscan --create" command.
"Symantec Endpoint Protection\AV" is the key prefix in SEP (and SAV for Linux as of version 1.0.6). Older versions of SAVFL used keys that were prefixed with "VirusProtect6".