Endpoint Protection

Hi,

We're using Kerio Connect mailserver that integrates with Outlook through Kerio Outlook Connector that is a piece of software that is installed on all our computers. This connector caches all mails, calendars and contacs in a database file called STORE.FDB and it's located in a folder in the users profile.

I would like to exclude this file or the whole directory that it's located in from scanning and I would of course prefer to create this exclusion from SEPM so that I don't have to walk around to all computers and create this exception for all users on the computers!

The challenge is that the file is stored in (on Windows 7) C:\Users\[username]\AppData\Local\Kerio\Outlook Connector\[some random numer\STORE.FDB. Can I specify something like %USERPROFILE%\AppData.... in the exception? If not then how do I do this?

We're running SEP 11.05.

Regards,
René Frej Nielsen

it wont work
its still under progress.
Note, March 2010: There is an Idea (Enhancement Request) in the forum for adding the ability to exclude Windows profiles. Customers who complain of the missing capability to exclude user profile files like ntuser.dat can be directed to that Idea, where they can add their vote constructively. 

What variables and wildcards does Endpoint Protection allow in Centralized Exception Policies

http://service1.symantec.com/support/ent-security.nsf/docid/2008093008072448
You can exclude just the file STORE.FDB using the above doc; no matter where its located; if exists will not be scanned :)

Just exclude the extension of the file since its specific to the mailstore

So you're telling me that both of these will work?

No .Only first will work(The one with file extension..)

But how do I do this then:

You can exclude just the file STORE.FDB using the above doc; no matter where its located; if exists will not be scanned :)

you need to select the file for exclusion.

I don't think without giving full path or valid variable it will work.You can confirm this with the below doc
How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.0
Create policy assign to one group and test it..

Just exclude a single file ; excluding with extensions will exclude all the files with that extensions; the risk in high in the second case.

I'm really happy for the many replies, but I'm still a bit confused about what will work, and what won't. I agree that exluding the whole extensions seems to be a risk, but if it's the only thing that will work, then it's ok in this situation.

I would rather exclude all files named STORE.FDB but since the box says "File (include full path)", then I guess it's not possible to just enter a filename without a path.

How do I check if the exception is working? Should I look at a log file on the client to see if it's skipping this file, and which log file would that be?

Watching the log will be ideal I belive...

Excluding the extension is not a risk the extension is a database extension, when i make sql exclusions I exclude the extension.

Look at this doc towards the bottom it states "*As an option you could instead do file extension exceptions for .mdf, .ldf, and .ndf files instead of whole directories, especially for SQL servers with more than one database/instance."