Creating custom exclusions

In Symantec Endpoint Protection Small Business Edition (SEP SBE) cloud, custom exclusions make it possible to exclude specific files, folders and-or file types.
Endpoint Protection policies exclude any network drives mapped for desktops and laptops by default but permit scanning of removable drives on those computers. Checkboxes enable easy configuration of those two options.
As a convenience in configuring file and folder locations, the interface enables you to pick a predefined path variable for common Windows locations. Use the ... drop down portion of the path entry box to make your selection. You may append path statements to the variable.
Predefined path variables - Windows Vista, Windows Server 2008 and later
Predefined path variables
Variable path in default Windows install
[COMMON_APPDATA]
C:\ProgramData
[PROGRAM_FILES]
C:\Program Files
[PROGRAM_FILES_COMMON]
C:\Program Files\Common Files
[COMMON_PROGRAMS]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[COMMON_STARTUP]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[COMMON_DESKTOPDIRECTORY]
C:\Users\Public\Desktop
[COMMON_DOCUMENTS]
C:\Users\Public\Documents
[SYSTEM]
C:\Windows\System32
[WINDOWS]
C:\Windows
Predefined path variables - Windows XP and Windows 2003
Predefined path variables
Variable path in default Windows install
[COMMON_APPDATA]
C:\Documents and Settings\All Users\Application Data
[PROGRAM_FILES]
C:\Program Files
[PROGRAM_FILES_COMMON]
C:\Program Files\Common
[COMMON_PROGRAMS]
C:\Documents and Settings\All Users\Start Menu\Programs
[COMMON_STARTUP]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[COMMON_DESKTOPDIRECTORY]
C:\Documents and Settings\All Users\Desktop
[COMMON_DOCUMENTS]
C:\Documents and Settings\All Users\Documents
[SYSTEM]
C:\Windows\System32
[WINDOWS]
C:\Windows
The accepted formats for a
File
exclusion path include:
  • <drive letter>:\path\filename
  • [path_macro]\path\filename
  • Wildcards and trailing "\" are not accepted
The accepted formats for a
Folder
exclusion path include:
  • <drive letter>:\path to directory\
  • [path_macro]\path to directory\
  • Wildcards are not accepted
  • The trailing "\" is recommended, but not required
  • Activate the
    Subfolders
    check box to add all files and child directories to the exclusion rule
In manually configuring an
Extension
exclusion the accepted format requires:
  • Use only the characters in the extension, such as mdb
  • Each extension must be used in a unique rule
  • Wildcards and dot-characters are ignored
  1. To exclude a file in a policy
    , in the SEP SBE Management Console >
    Policies
    page, click
    Add Policy
    .
  2. In the
    Computer Protection
    section of the policy configuration page, click
    Custom Exclusions
    .
  3. Select
    File
    from the drop-down menu.
  4. Enter the file you want to exclude using the format:
    <drive_letter>:\path_to_file\filename
  5. Click
    Add
    and the exclusion appears in the
    Current Exclusions
    list.
  6. To finish, click
    Save & Apply
    at the bottom of the policy configuration page.
  7. To exclude a file in a common location
    , in the SEP SBE Management Console >
    Policies
    page, click
    Add Policy
    .
  8. In the
    Computer Protection
    section of the policy configuration page, click
    Custom Exclusions
    .
  9. Select
    File
    from the drop-down menu.
  10. Using the ... drop down, select
    [PROGRAM_FILES]
    .
  11. Add the directory you want to exclude to the predefined path variable. It should appear as:
    [PROGRAM_FILES]\Directory_Path_to_file_to_be_excluded\name_of_file_to_exclude
    . In actual use it might appear as [PROGRAM_FILES]\W2_v3\Word2WAV_v3.exe
  12. Click
    Add
    and the exclusion appears in the
    Current Exclusions
    list.
  13. To finish, click
    Save & Apply
    at the bottom of the policy configuration page.
  14. To exclude a folder
    , in the SEP SBE Management Console >
    Policies
    page, click
    Add Policy
    .
  15. In the
    Computer Protection
    section of the policy configuration page, click
    Custom Exclusions
    .
  16. Select
    Folder
    from the drop-down menu.
  17. Enter the directory you want to exclude using the format:
    <drive_letter>:\path_to_folder\
  18. If you want to exclude all subdirectories within the excluded folder, click the
    Subfolders
    check box.
  19. Click
    Add
    and the exclusion appears in the
    Current Exclusions
    list.
  20. To finish, click
    Save & Apply
    at the bottom of the policy configuration page.
  21. To exclude a folder in a common location
    , in the SEP SBE Management Console >
    Policies
    page, click
    Add Policy
    .
  22. In the
    Computer Protection
    section of the policy configuration page, click
    Custom Exclusions
    .
  23. Select
    Folder
    from the drop-down menu.
  24. Using the ... drop down, select
    [PROGRAM_FILES]
    .
  25. Add the directory you want to exclude to the predefined path variable. It should appear as:
    [PROGRAM_FILES]\Directory_Path_to_folder_to_be_excluded\
    . In actual use it might appear as [PROGRAM_FILES]\W2_v3\
  26. If you want to exclude all subdirectories within the excluded folder, click the
    Subfolders
    check box.
  27. Click
    Add
    and the exclusion appears in the
    Current Exclusions
    list.
  28. To finish, click
    Save & Apply
    at the bottom of the policy configuration page.
  29. To exclude a file type
    , in the SEP SBE Management Console >
    Policies
    page, click
    Add Policy
    .
  30. In the
    Computer Protection
    section of the policy configuration page, click
    Custom Exclusions
    .
  31. Select
    Extension
    from the drop-down menu.
Using the ... drop down, you can pick from commonly used file types, or you can enter the file extension directly without the leading period. File type exclusions are system-wide; specifying a drive letter is unnecessary.
File type exclusions must be entered singly; delimited lists of extensions are not accepted.
To finish, click
Save & Apply
at the bottom of the policy configuration page.