Excluding a trusted web domain from scans on Windows clients

You can exclude a web domain from virus and spyware scans and from SONAR. When you exclude a trusted web domain, any file that the user downloads from any location within that domain is always allowed. However, Auto-Protect and other defined scans still scan the file.
By default, Download Insight excludes the websites that appear on the
Internet Trusted Sites
list through
Internet Explorer > Tools > Internet Options > Security
. You can configure this setting from the Download Insight settings in the
Virus and Spyware Protection
If Download Insight or Auto-Protect is disabled, trusted web domain exceptions are also disabled.
You should use caution when you configure exceptions. Every exception that you create lowers the security profile of the computer. Consider submitting any suspected false positives for examination rather than opening a permanent scan exclusion. Always use the multiple layers of protection that
Symantec Endpoint Protection
provides. See:
Supported web domain exceptions
Follow these guidelines when you create a web domain exception:
  • You must enter a single domain as a URL or an IP address when you specify a trusted web domain exception. You can specify only one domain at a time.
  • Port numbers are not supported.
  • When you specify a URL, the exception uses only the domain name portion of a URL. You can prepend the URL with either HTTP or HTTPS (case-insensitive), but the exception applies to both protocols.
  • When you specify an IP address, the exception applies to both the specified IP address and its corresponding host name. If a user navigates to a location through its URL,
    Symantec Endpoint Protection
    resolves the host name to the IP address and applies the exception. You can prepend the IP address only with HTTP (case-insensitive).
  • Both Download Insight and SONAR exclude the domain regardless of whether a user navigates to the domain through HTTP or HTTPS.
  • For an FTP location, you must specify an IP address. FTP URLs are not supported.
  • The wildcard
    is supported for use with exceptions for trusted web domains.
  • URL reputation in the Intrusion Prevention policy allows any websites that you specify as a Trusted Web Domain Exception.
  1. To exclude a trusted web domain from scans on Windows clients
  2. On the
    Exceptions Policy
    page, click
    Add > Windows Exceptions > Trusted Web Domain
  3. In the
    Add Trusted Web Domain Exception
    dialog box, enter the domain name or IP address that you want to exclude. See:
  4. Click
  5. Repeat the procedure to add more web domain exceptions.