Endpoint Protection


Recommended exclusions for servers with SEP?

  • 1.  Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 10:50 AM
    Does anyone know if there is a list of recommended exclusions for servers with SEP installed? If there isn't, can someone give me some examples of what they are currently excluding? Right now I am thinking about excluding SQL files, but I'm sure there are many others such as the Windows Update folder.

    Any Ideas?


  • 2.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 11:03 AM
    Please create Exclusions / Centralized Exceptions for files with the following extensions:
     
    *.MDF ; *.NDF and *.LDF
     
    Additionally, create an exception for the folder where your database data files (*.MDF ; *.NDF and *.LDF) are going to be stored.

    following

    https://www-secure.symantec.com/connect/forums/how-install-sep-11-client-sql-server

     


  • 3.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 11:16 AM
    Security risk folders:
    system32\dns, wins, dhcp  ntds.dit  spool folder
    windows\ntds, ntfrs  SYSVOL

    symantec\scan engine\temp
    microsoft sql server folder

    security risk extensions:
    dat, stm, edb, sql, mdb, chk, dit, jdb, cab, log







  • 4.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 12:08 PM
    Also, the SEP client can detect the presence of a Domain Controller and Exchange server on the server, and it can create automatic exclusions for that.

     
    After it detects them, it creates exclusions for these files and folders. The client excludes these files and folders from all antivirus and antispyware scans.
     
    The client software automatically creates exclusions for the following items:
    ■ Microsoft Exchange
    ■ Active Directory domain controller
    ■ Certain Symantec products
     
    Note: To see the exclusions that the client creates on 32-bit computers, you can examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions registry. You must not edit this registry directly. On 64-bit computers, look in HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SymantecEndpoint Protection\AV\Exclusion


    Title: 'About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products'
    Document ID: 2007090220241148
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007090220241148?Open&seg=ent



    Title: 'How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory'
    Document ID: 2008090512574448
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008090512574448?Open&seg=ent
     


  • 5.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 12:27 PM

    Prachand  - when was the DC detection during install added?
    I added manually, but it was installed a year ago, maybe more.

    I assume this is detected during install and not later if the computer is promoted to DC?

    If you run Symantec protection for SharePoint you also need to manually exclude in the exclusion policy the quarantine folder for the SharePoint protection, otherwise SEP can see things going on with the SPS and cause conflict. We've got some SharePoint servers running Symantec protection for SharePoint - it works well, but isn't NEARLY as nice to set up and configure as SEP! Be sure to exclude the SharePoint stuff from SEP..........



  • 6.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 01:43 PM
    I am not sure about MR1, but the functionality was there in MR2 (page 365 of the admin guide).

    The same is there in the administration guide, page no. 373, for SEP MR4MP2.
    Yes, the detection is done during the install and it cannot be added later on.

    SEP will not detect automatically if the server is promoted to Domain Controller.

    When SEP is installed initially, the client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.
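
To see what the client actually auto-excluded on a given server (for instance one promoted to domain controller after SEP was installed), the key named in post 4 can be dumped read-only. This is an added example, not part of the original posts or Symantec's tooling; the function name `Get-SepAutoExclusion` is hypothetical, and the Wow6432Node path assumes the 64-bit location mirrors the 32-bit key name.

```powershell
# Read-only audit of the exclusions the SEP client created automatically.
# Nothing here writes to the registry; the thread says not to edit this key.

# First path is the 32-bit location given in the thread. The second is an
# assumption: the same key name under Wow6432Node on 64-bit computers.
$candidates = @(
    'HKLM:\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions',
    'HKLM:\Software\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions'
)

function Get-SepAutoExclusion {
    param([string[]]$Path = $candidates)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Walk the root key and every subkey. The layout below the root is
        # not assumed; each value found is reported as-is.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)

        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = if ($name) { $name } else { '(Default)' }
                    Kind  = $key.GetValueKind($name)
                    Data  = ($key.GetValue($name) -join '; ')
                }
            }
        }
    }
}

$found = @(Get-SepAutoExclusion)
if ($found.Count -eq 0) {
    # Per the thread, detection happens at install time only, so a server
    # promoted afterwards will need Centralized Exceptions added by hand.
    Write-Warning 'No automatic exclusions found under the SEP Exclusions key.'
} else {
    $found | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
}
```

Comparing the output across servers shows which ones rely on manual Centralized Exceptions only.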



  • 7.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 09, 2009 02:29 PM
    Thank you - that was most helpful. There's over 1,400 pages of documents if you DON'T count the KB documents, etc.! So, it can be a bit, well, time-consuming at times..............
    That's pretty smart on their end to have included that.

    We'll just pretty much forget about MR1  ;-)


  • 8.  RE: Recommended exclusions for servers with SEP?
    Best Answer

    Posted Sep 09, 2009 02:38 PM

    Guidelines for choosing antivirus software to run on the computers that are running SQL Server

     

    http://support.microsoft.com/kb/309422

     

    Exclusion for Domain Controller

     

    Antivirus exclusions that should be set on a Microsoft 2000 or 2003 domain controller

     

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2004063015025548

     

    About the automatic exclusion of files and folders for Microsoft Exchange server and Symantec products

     

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090220241148

     

    How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008090512574448

    Preventing Symantec Endpoint Protection 11.0 from scanning the Microsoft Exchange 2007 directory structure

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007072619121148

    Configuring Symantec Endpoint Protection 11.0 exclusions for Microsoft Forefront

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008110415505248

    Exclusions required to run Symantec Endpoint Protection with Windows SharePoint Services 3.0 or SharePoint Server 3.0

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008120814123148

    How to exclude SQL files and folders using Centralized Exceptions

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062709312848 


  • 9.  RE: Recommended exclusions for servers with SEP?

    Posted Sep 10, 2009 12:33 AM
    SAV 10.x--maybe 9.x, can't recall--had that functionality.

    DCs and Exchange are a good start, but lots more needs to be added.

    Agree? Add your votes and your suggestions here: https://www-secure.symantec.com/connect/idea/more-built-automatic-exceptions

    An MS MVP compiled a pretty comprehensive list of AV exclusions for Microsoft technologies a while ago. Who knows how authoritative it is, but I recognized a lot of them from the MSKB. If I can find it again I'll post it.


  • 10.  RE: Recommended exclusions for servers with SEP?

    Posted Dec 05, 2009 05:44 PM
    Great info guys, thank you


  • 11.  RE: Recommended exclusions for servers with SEP?

    Posted Dec 05, 2009 08:47 PM
    If SEP automatically sets up exclusions for AD and Exch, why not automatically for SQL?

    Does SEPSBE 12 do the same thing?

    Does anyone have other recommendations for other DBs like QuickBooks or Peachtree?


  • 12.  RE: Recommended exclusions for servers with SEP?

    Posted Dec 06, 2009 08:45 AM
    Yes, even SEP 12 does the same thing.