Adding Allow List policy scan exceptions
The Allow List policy specifies files, URLs, and other items to exclude from scans or detection.
The policy is similar to an Exceptions policy in
Symantec Endpoint Protection.
You can add an exception in the following ways:
- ThePoliciespage >Default Allow List Policy.
- TheDiscovered Itemspage >Filestab >Add to Allow Listaction.
For the policies that
Symantec Endpoint Protection14.2 manages, use
Default Allow List Policy>
Allow List (SEP 14).
Endpoint Securitypolicies, you can lock the policy settings on the device so that the agent user cannot change them. The policy lock is enabled by default.
- To add Allow List policy scan exceptions
- Go toPolicies.
- On thePoliciestab, checkAllow Listand select the Allow List policy that you want to edit or create a new policy.
- On theDetailstab, select the plus icon for each item you want to add to the policy.Any items that you add to the policy are excluded from the scan on a device. The available items you can add are as follows:
For a file name or a file path, you can use a well-known prefix variable. A prefix variable indicates a well-known Windows folder. Select a prefix variable to apply the exclusion on the client computers that run different Windows operating systems. If you select a prefix variable, the path name should be relative to the selected prefix variable. The prefix variable applies to 32-bit and 64-bit folders. For example, if you select[PROGRAM_FILES], both theProgram Files (x86)and theProgram Filesfolders are excluded.
- CertificateExcludes a certificate based on its certificate thumbprint value from the following scans: Auto-Protect, Download Insight, and Behavioral Analysis. The certificate file must be encoded in DER/BASE64 format.
- FilenameExcludes a file name from the following technologies: Auto-Protect, scheduled and on-demand antimalware scans, Behavioral Analysis, and Tamper Protection. For Tamper Protection, the exclusion applies to the actor and not the target. See:
- Web domainExcludes a website or IP address from Download Insight detections or Behavioral Analysis. See:
- HashExcludes a file based on its hash value (SHA-256 only) from the following technologies: Auto-Protect, scheduled and on-demand antimalware scans, and Behavioral Analysis.
- File pathExcludes any files in a file path from the following scans: Scheduled and on-demand antimalware scans, and Behavioral Analysis.
- ExtensionExcludes any files with certain extensions from Auto-Protect and scheduled and on-demand antimalware scans.
- IPS HostExcludes a host based on its IP address from scheduled and on-demand antimalware scans.
- SelectSave Policy