Endpoint Protection

 View Only
  • 1.  SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 24, 2010 04:22 PM

    I just installed SEP RU6 MP1 client on an Exchange 2010 server. When I check "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\Exchange Server\NoScanDir" it shows Exchange 2010 exclusions only for directories on the C: drive. The problem is that our mailbox database files are on the F: drive.

    On our Exchange 2007 servers, SEP's auto-exclusions work fine and properly detect the mailbox databases on the F: drive. I thought RU6 MP1 was supposed to add support for Exchange 2010, but it doesn't seem to be working correctly.

    What am I missing?



  • 2.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 24, 2010 04:46 PM

    See this KB for info on Exchange 2010 scanning exclusions.

     

    http://www.symantec.com/business/support/index?page=content&id=TECH97707&actp=search&viewlocale=en_US&searchid=1285361092448



  • 3.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 24, 2010 04:56 PM

    When EXCH 2007 Automatic Exclusion was added few Exclusion had to be done manually.

    However if its not detecting your Mailbox on non-root drive then you can create manual exclusions for them based on microsoft recommendation.

    http://technet.microsoft.com/en-us/library/bb332342.aspx

    Also add an IDEA for this to get added in next release.



  • 4.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 27, 2010 10:50 AM

    I know, that KB says that auto exclusions are included in SEP RU6 MP1. However in our case, it's not working properly. Hence my question... smiley



  • 5.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 27, 2010 10:51 AM

    But it's not a suggested feature. It's a feature that Symantec says is already there, but in our case, it's not working correctly.



  • 6.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 27, 2010 12:34 PM

    Hi all,

    This thread is now included in the Security Solutions Contest.  Solve this thread, or any of the threads included in the contest, and you could be "King of the Week."  Find out more here: https://www-secure.symantec.com/connect/forums/new-security-solutions-contest-be-king-week-starting-august-30th

     

    Best,

    Eric



  • 7.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 27, 2010 01:58 PM

    This sounds like a bug Jon,

    I suggest you to file a case for this so that technical support can reproduce the issue and repair it for the next version.

    I'd add those folders as exclusions manually.



  • 8.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories
    Best Answer

    Posted Sep 27, 2010 02:03 PM

    Yeah, I had already opened a ticket earlier this morning. Turns out that it's not really a bug per se...

    Microsoft is no longer adding the path to the mailbox databases to the registry. Instead, they're only including the Exchange Install Path in the registry, which of course is what the SEP client uses to build the auto-exclusions. If you move the Exchange 2010 transaction logs and/or mailbox databases to other drives (which is recommended by MS), the only way to enumerate the paths is through a PowerShell command. Since the SEP client doesn't run that command in the background, it doesn't know the location to the mailbox databases, and can't auto-exclude them.

    At this point the only solution is to manually exclude the mailbox databases.



  • 9.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 27, 2010 02:05 PM

    I'm not trying to win the contest. I just posted the solution that I got from tech support.



  • 10.  RE: SEP RU6 MP1 not auto-excluding the correct Exchange 2010 directories

    Posted Sep 29, 2010 02:23 AM