Adding Allow List policy scan exceptions

The Allow List policy specifies files, URLs, and other items to exclude from scans or detection. The policy is similar to an Exceptions policy in Symantec Endpoint Protection.
You can add an exception in the following ways:
  • The Policies page > Default Allow List Policy.
  • The Discovered Items page > Files tab > Add to Allow List action.
For the policies that Symantec Endpoint Protection 14.2 manages, use Default Allow List Policy > Allow List (SEP 14).
For Endpoint Security policies, you can lock the policy settings on the device so that the agent user cannot change them. The policy lock is enabled by default.
  1. To add Allow List policy scan exceptions
  2. Go to Policies.
  3. On the Policies tab, check Allow List and select the Allow List policy that you want to edit or create a new policy.
  4. On the Details tab, select the plus icon for each item you want to add to the policy.
    Any items that you add to the policy are excluded from the scan on a device. The available items you can add are as follows:
    • Certificate
      Excludes a certificate based on its certificate thumbprint value from the following scans: Auto-Protect, Download Insight, and Behavioral Analysis. The certificate file must be encoded in DER/BASE64 format.
    • Filename
      Excludes a file name from the following technologies: Auto-Protect, scheduled and on-demand antimalware scans, Behavioral Analysis, and Tamper Protection. For Tamper Protection, the exclusion applies to the actor and not the target. See:
    • Web domain
      Excludes a website or IP address from Download Insight detections or Behavioral Analysis. See:
    • Hash
      Excludes a file based on its hash value (SHA-256 only) from the following technologies: Auto-Protect, scheduled and on-demand antimalware scans, and Behavioral Analysis.
    • File path
      Excludes any files in a file path from the following scans: Scheduled and on-demand antimalware scans, and Behavioral Analysis.
    • Extension
      Excludes any files with certain extensions from Auto-Protect and scheduled and on-demand antimalware scans.
    • IPS Host
      Excludes a host based on its IP address from scheduled and on-demand antimalware scans.
    For a file name or a file path, you can use a well-known prefix variable. A prefix variable indicates a well-known Windows folder. Select a prefix variable to apply the exclusion on the client computers that run different Windows operating systems. If you select a prefix variable, the path name should be relative to the selected prefix variable. The prefix variable applies to 32-bit and 64-bit folders. For example, if you select [PROGRAM_FILES], both the Program Files (x86) and the Program Files folders are excluded.
  5. Select Save Policy.
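
A pre-submission check for proposed exceptions, added here as an example (it is not Symantec code and does not call any product API): it enforces the SHA-256-only rule for Hash items, reports which technologies each item type is excluded from according to the list in step 4, and expands a [PROGRAM_FILES]-relative path to both folders. The function names and the C:\ folder locations are assumptions.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Technologies each exception type is excluded from, as listed in step 4.
AM_SCANS = "Scheduled and on-demand antimalware scans"
EXCLUDED_FROM = {
    "certificate": ["Auto-Protect", "Download Insight", "Behavioral Analysis"],
    "filename": ["Auto-Protect", AM_SCANS, "Behavioral Analysis", "Tamper Protection"],
    "web_domain": ["Download Insight", "Behavioral Analysis"],
    "hash": ["Auto-Protect", AM_SCANS, "Behavioral Analysis"],
    "file_path": [AM_SCANS, "Behavioral Analysis"],
    "extension": ["Auto-Protect", AM_SCANS],
    "ips_host": [AM_SCANS],
}
# Assumed default folder locations; real clients may use another drive.
PREFIX_FOLDERS = {"[PROGRAM_FILES]": [r"C:\Program Files", r"C:\Program Files (x86)"]}


def sha256_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def review_entry(kind, value, prefix=None):
    """Return (problems, technologies_excluded, folders_covered) for one entry."""
    if kind not in EXCLUDED_FROM:
        return [f"unknown exception type: {kind}"], [], []
    problems, folders = [], []
    # Hash exceptions accept SHA-256 only, so MD5 or SHA-1 values are rejected.
    if kind == "hash" and not re.fullmatch(r"[0-9a-fA-F]{64}", value):
        problems.append("hash is not a 64-hex-digit SHA-256 value")
    if kind in ("filename", "file_path") and prefix is not None:
        path = PureWindowsPath(value)
        if prefix not in PREFIX_FOLDERS:
            problems.append(f"prefix {prefix} is not in this example's table")
        elif path.anchor or ".." in path.parts:
            problems.append("path must be relative to the selected prefix")
        else:
            # One entry covers the 64-bit and the 32-bit folder alike.
            folders = [str(PureWindowsPath(base) / path) for base in PREFIX_FOLDERS[prefix]]
    return problems, EXCLUDED_FROM[kind], folders
```

Reviewing the returned technology list before saving shows how much coverage an entry gives up: a Hash item is tied to one exact file, while a File path item under [PROGRAM_FILES] applies to everything in two folders.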