Endpoint Protection

 View Only
  • 1.  centralized exception

    Posted Oct 19, 2012 10:28 AM

    What is centralized exception policy and how it work?



  • 2.  RE: centralized exception
    Best Answer

    Posted Oct 19, 2012 10:31 AM

    Centralized Exceptions Overview

    You can use a centralized exceptions policy to create exceptions for antivirus and antispyware scans. You can also create exceptions for TruScan proactive threat scans or Tamper Protection.

    Any exception that you include in the policy applies to all scans of the same type. For example, you might create an exception to exclude a security risk. The client software then excludes the security risk from all antivirus and from all antispyware scans on the client computers that use the policy.

    Table: Overview options

    Option
    Description
    Policy name Provides the name of the policy that includes all of the centralized exceptions
    Description Enables you to type a description of the centralized exceptions to any existing policies
    Group Path Shows the groups that currently use any of the centralized exceptions
    Location Shows the locations that are associated with the groups that use this exception

     

     

    Centralized Exceptions

    Use this tab to add centralized exceptions for security risks, TruScan proactive threat scans, and Tamper Protection. You can edit or delete exceptions, and you can view exception details.

    A centralized exceptions policy lets you exclude certain items from future detection. Exclude only those items that you have determined are useful in your environment. Those items must not pose a risk to the security of your network.

    You can exclude the following items from antivirus and antispyware scans:
    · Known security risks
    · Extensions 
    · Files 
    · Folders

    For Tamper Protection, you can exclude particular files.

    For proactive threat scans, you can create the following exceptions:
    · Specify an action for a known process that proactive threat scans detect.
    · Force a detection of a particular process.
     

    Note: Cannot make exceptions for a type of scan ie. scheduled, custom or on demand. They all follow the centralized exceptions.
     

    Centralized Exceptions: Client Restrictions

    Use this page to specify restrictions for the types of exceptions that users can add. By default, users can create any type of exception. If you de-select an exception type, the user cannot create any exception of that type.

    Note: Users cannot configure Tamper Protection exceptions.

     

    Centralized Exceptions www.symantec.com/docs/TECH104432

     

     

    How to configure Centralized exceptions:

     

     
    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11
    http://www.symantec.com/docs/TECH104326

     



  • 3.  RE: centralized exception

    Posted Oct 19, 2012 10:33 AM

    Centralized Exceptions is policy which can help in exception of file scanning.

    Link for reffernece

    https://www-secure.symantec.com/connect/forums/centralize-exception-policy

    Centralized Exceptions policies contain exceptions for the following types of scans for Windows-based operating systems:

    • Antivirus and Antispyware scans
    • TruScan Proactive Threat Scans
    • Tamper Protection

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager

     http://www.symantec.com/business/support/index?page=content&id=TECH104326

    If required theCentralized Exceptions for Server Applications

    You will get the Antivirus Exclusion recommendation on the application support page

    For Microsoft :http://social.technet.microsoft.com/wiki/contents/articles/953.aspx

    Domino :https://www-304.ibm.com/support/docview.wss?uid=swg21417504

    SMS Domino :http://www.symantec.com/business/support/index?page=content&id=TECH79960



  • 4.  RE: centralized exception

    Posted Oct 19, 2012 10:35 AM

    Why Should I Use A Centralized Exceptions Policy?

    There are many reasons that you might want to create a Centralized Exceptions Policy, though here are some of the most common reasons:

    1. In order to automate administrative tasks on user machines, you use tools to hide script windows while they run in the background.
    2. IT Staff use tools such as IP scanners or key loggers for legitimate administrative purposes.
    3. You'd like to control whether your users can add program or security risk exceptions themselves.

    Applications and tools that assist with automated scripting, IP Scanners and KeyLoggers are often categorized as security risks by antivirus software including Symantec Endpoint Protection.   Once SEP has been installed, it will prevent any of these types of programs that it categorizes as security risks from running, and will throw them into the quarantine. 

    In nearly all companies, allowing an IT department to function normally and be able to script and automate various administrative functions can be a critical time saver.   To make sure that those needed programs that are classified by SEP as security risks are still available to your users / IT staff, you'll want to create a Centralized Exceptions Policy.

    How To Create A Centralized Exceptions Policy:

    Centralized Exceptions Policies can be created from within Symantec Endpoint Protection Manager.   Once you've loaded it and logged in, follow these steps:

    1. Choose the Policies tab from the left-hand menu
    2. Under View Policies, select Centralized Exceptions
    3. Right-Click in the Centralized Exceptions Policies section and choose Add
    4. In the Overview of your new policy, type a name and description for your new policy (i.e.  IT Exceptions, Security Risk Exceptions for the IT Department)
    5. Next, click on Centralized Exceptions in the left menu
    6. On this screen, you'll need to add those applications that you'd like to exclude from SEP checking.   These can be Security Risks, specific files or folders or even file extensions.  To exclude one of these items, add it and choose Ignore as the action.
    7. The third option on the left menu will allow you to configure the options that allow or deny specific Policy Groups the option to create exceptions themselves.  You can choose specific types of allowed or denied exceptions if you'd prefer.
    8. Finally, Click OK.

    https://www-secure.symantec.com/connect/articles/centralized-exceptions-policies-why-use-them-and-how-configure-them

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11

    http://www.symantec.com/business/support/index?page=content&id=TECH104326

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

    http://www.symantec.com/business/support/index?page=content&id=TECH183201

    https://www-secure.symantec.com/connect/forums/how-set-sepm-central-exception-monitor-non-exe-excutable-files

    http://www.symantec.com/business/support/index?page=content&id=TECH176906

    Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager

     http://www.symantec.com/business/support/index?page=content&id=TECH104326

     

    About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

    http://www.symantec.com/business/support/index?page=content&id=TECH102400

    SEP recognizes the Exchange server and the necessary folders and files are excluded by default.
    http://www.symantec.com/docs/TECH97707

    Subfolders of folders that are excluded by Automatic Exclusions for Exchange are scanned

    http://www.symantec.com/business/support/index?page=content&id=TECH134854

    Check this thread :

    http://www.symantec.com/connect/forums/sep-121-exchnage-2010-automatic-exclusions

     

     



  • 5.  RE: centralized exception

    Posted Oct 21, 2012 09:31 AM