Creating exceptions for Virus and Spyware scans

You can create different types of exceptions for
Symantec Endpoint Protection
.
Any exception that you create takes precedence over any exception that a user might define. On client computers, users cannot view the exceptions that you create. A user can view only the exceptions that the user creates.
Exceptions for virus and spyware scans also apply to Download Insight.
Creating exceptions for
Symantec Endpoint Protection
Task
Description
Exclude a file from virus and spyware scans
Supported on Windows and Mac clients.
Excludes a file by name from virus and spyware scans, SONAR, or application control on Windows clients.
Exclude a folder from virus and spyware scans
Supported on Windows, Mac, and Linux clients.
Excludes a folder from virus and spyware scans, SONAR, or all scans on Windows clients.
On Windows and Linux clients, you can choose to limit an exception for virus and spyware scans to Auto-Protect or scheduled and on-demand scans only. If you run an application that writes many temp files to a folder, you might want to exclude the folder from Auto-Protect. Auto-Protect scans files as they are written so you can increase computer performance by limiting the exception to scheduled and on-demand scans.
You might want to exclude the folders that are not often used or that contain archived or packed files from scheduled and on-demand scans. For example, scheduled or on-demand scans of deeply archived files that are not often used might decrease computer performance. Auto-Protect still protects the folder by scanning only when any files are accessed or written to the folder.
Exclude a known risk from virus and spyware scans
Supported on Windows clients.
Excludes a known risk from virus and spyware scans. The scans ignore the risk, but you can configure the exception so that the scans log the detection. In either case, the client software does not notify users when it detects the specified risks.
If a user configures custom actions for a known risk that you configure to ignore,
Symantec Endpoint Protection
ignores the custom actions.
Security risk exceptions do not apply to SONAR.
Exclude file extensions from virus and spyware scans
Supported on Windows and Linux clients.
Excludes any files with the specified extensions from virus and spyware scans.
Extension exceptions do not apply to SONAR or to Power Eraser.
Monitor an application to create an exception for the application
Supported on Windows clients.
Use the
Application to monitor
exception to monitor a particular application. When
Symantec Endpoint Protection
learns the application, you can create an exception to specify how
Symantec Endpoint Protection
handles the application.
If you disable application learning, the Application to monitor exception forces application learning for the application that you specify.
Specify how virus and spyware scans handle monitored applications
Supported on Windows clients.
Use an application exception to specify an action for
Symantec Endpoint Protection
to apply to a monitored application. The type of action determines whether
Symantec Endpoint Protection
applies the action when it detects the application or when the application runs.
Symantec Endpoint Protection
applies the Terminate, Quarantine, or Remove action to an application when it launches or runs. It applies the Log only or Ignore action when it detects the application.
Unlike a file name exception, an application exception is a hash-based exception. Different files can have the same name, but a file hash uniquely identifies an application.
The application exception is a SHA-2 hash-based exception.
Applications for which you can create exceptions appear in the
Exceptions
dialog after
Symantec Endpoint Protection
learns the application. You can request that
Symantec Endpoint Protection
monitors a specific application to learn.
Exclude a web domain from virus and spyware scans
Supported on Windows clients.
Download Insight scans the files that users try to download from websites and other portals. Download Insight runs as part of a virus and spyware scan. You can configure an exception for a specific web domain that you know is safe.
Download Insight must be enabled for the exception to have any effect.
If your client computers use a proxy with authentication, you must specify trusted web domain exceptions for Symantec URLs. The exceptions let your client computers communicate with Symantec Insight and other important Symantec sites.
See the following articles:
Create file exceptions for Tamper Protection
Supported on Windows clients.
Tamper Protection protects client computers from the processes that tamper with Symantec processes and internal objects. When Tamper Protection detects a process that might modify the Symantec configuration settings or Windows registry values, it blocks the process.
Some third-party applications inadvertently try to modify Symantec processes or settings. You might need to allow a safe application to modify Symantec settings. You might want to stop Tamper Protection for certain areas of the registry or certain files on the client computer.
In some cases, Tamper Protection might block a screen reader or some other assistive technology application. You can create a file exception so that the application can run on client computers. Folder exceptions are not supported for Tamper Protection.
Allow applications to make DNS or host file changes
Supported on Windows clients.
You can create an exception for an application to make a DNS or host file change. SONAR typically prevents system changes like DNS or host file changes. You might need to make an exception for a VPN application, for example.
Exclude a certificate
Supported on Windows clients (starting in 14.0.1).
You can exclude a certificate from scans. Excluding a certificate prevents it from being flagged as suspicious. A Download Insight scan can flag a self-signed certificate on an internal tool as suspicious, for example.