About the files and folders that Symantec Endpoint Protection excludes from virus and spyware scans

Symantec Endpoint Protection
detects the presence of certain third-party applications and some Symantec products, it automatically creates exclusions for these files and folders. The client excludes these files and folders from all scans.
The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.
To improve scan performance or reduce false positive detections, you can exclude files by adding a file or a folder exception to an Exceptions policy. You can also specify the file extensions or the folders that you want to include in a particular scan.
The files or folders that you exclude from scans are not protected from viruses and security risks.
You can view the exclusions that the client automatically creates.
Look in the following locations of the Windows registry:
  • On 32-bit computers, see HKEY_LOCAL_MACHINE\Software\Symantec\
    Symantec Endpoint Protection
  • On 64-bit computers, see HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\
    Symantec Endpoint Protection
Do not edit this registry directly.
File and folder exclusions
Microsoft Exchange
The client software automatically creates file and folder scan exclusions for the following Microsoft Exchange Server versions:
  • Exchange 5.5
  • Exchange 6.0
  • Exchange 2000
  • Exchange 2003
  • Exchange 2007
  • Exchange 2007 SP1
  • Exchange 2010
  • Exchange 2013
  • Exchange 2016
For Exchange 2007, see your user documentation for information about compatibility with antivirus software. In a few circumstances, you might need to create scan exclusions for some Exchange 2007 folders manually. For example, in a clustered environment, you might need to create some exclusions.
The client software checks for changes in the location of the appropriate Microsoft Exchange files and folders at regular intervals. If you install Microsoft Exchange on a computer where the client software is already installed, the exclusions are created when the client checks for changes. The client excludes both files and folders; if a single file is moved from an excluded folder, the file remains excluded.
For more information, see the following article:
Microsoft Forefront
The client automatically creates file and folder exclusions for the following Microsoft Forefront products:
  • Forefront Server Security for Exchange
  • Forefront Server Security for SharePoint
  • Forefront Threat Management Gateway
Check the Microsoft Web site for a list of recommended exclusions.
For more information, see the following article:
Active Directory domain controller
The client automatically creates file and folder exclusions for the Active Directory domain controller database, logs, and working files. The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.
Symantec products
The client automatically creates appropriate file and folder scan exclusions for certain Symantec products when they are detected.
The client creates exclusions for the following Symantec products:
  • Symantec Mail Security 4.0, 4.5, 4.6, 5.0, and 6.0 for Microsoft Exchange
  • Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
  • Norton AntiVirus 2.x for Microsoft Exchange
  • Symantec Endpoint Protection Manager
    default database (Microsoft SQL Server Express or embedded) and logs
Veritas products
The client automatically creates appropriate file and folder scan exclusions for certain Veritas products when they are detected:
  • Veritas Backup Exec
  • Veritas NetBackup
  • Veritas System Recovery
Support for auto-exclusions of Veritas Netbackup ended with 8.x.
Selected extensions and Microsoft folders
For each type of administrator-defined scan or Auto-Protect, you can select files to include by extension. For administrator-defined scans, you can also select files to include by folder. For example, you can specify that a scheduled scan only scans certain extensions and that Auto-Protect scans all extensions.
For executable files and Microsoft Office files, Auto-Protect can determine a file's type even if a virus changes the file's extension.
By default,
Symantec Endpoint Protection
scans all extensions and folders. Any extensions or folders that you deselect are excluded from that particular scan.
Symantec does not recommend that you exclude any extensions from scans. If you decide to exclude files by extension and any Microsoft folders, however, you should consider the amount of protection that your network requires. You should also consider the amount of time and resources that your client computers require to complete the scans.
Any file extensions that you exclude from Auto-Protect scans of the file system also excludes the extensions from Download Insight. If you are running Download Insight, you should include extensions for common programs and documents in the list of extensions that you want to scan. You should also make sure that you scan .msi files.
File and folder exceptions
You use an Exceptions policy to create exceptions for the files or the folders that you want
Symantec Endpoint Protection
to exclude from all virus and spyware scans.
By default, users on client computers can also create file and folder exceptions.
For example, you might want to create file exclusions for an email application inbox.
If the client detects a virus in the Inbox file during an on-demand or scheduled scan, the client quarantines the entire inbox. You can create an exception to exclude the inbox file instead. If the client detects a virus when a user opens an email message, however, the client still quarantines or deletes the message.
Trusted files
Virus and spyware scans use Insight, which lets scans skip trusted files. You can choose the level of trust for the files that you want to skip, or you can disable the option. If you disable the option, you might increase scan time.
Auto-Protect can also skip the files that are accessed by trusted processes such as Windows Search.
More information