Verify Symantec Endpoint Protection Manager Created Exception Policy is Applied to Client

Consider the following scenario:

You recently deployed a couple of Citrix XenApp servers. You created a new group in SEP 12.1.5 manager and modified an exception policy to exclude individual files, extensions and processes from being harassed by SEP 12.1.5. Then, you created an unmanaged client install package using that new group so that the exception policy would be included. You installed the client on the server and under User defined Exceptions the window is blank. How can you know for sure that the exception policy you applied to the group in SEP 12.1.5 Manager carried over and is being applied on the machine?

Thx to Reddit Symantec gurus we know that user defined exceptions section in the SEP client is for user added exception only and not the SEP Manager. Thus, that section will not show you what you configured in the exclusion policy created in SEP Manager and included in the install package.

To verify that Symantec Endpoint Protection Manager created exception policies are being applied to the client:

Open SEP on client machine and at the top-right, go to Help and select Troubleshooting from the drop-down menu that appears.  In the Management window, click on Export under the Policy Profile. This will allow you to export an XML file that you can then search for the exclusions.

Yet another way to verify that Symantec Endpoint Protection Manager created exception policy is applied to client is to open regedit and manually inspect those exclusions through registry.  Browse to the registry key: •HKEY_LOCAL_MACHINE\SOFTWARE\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\AV\EXCLUSIONS

Note: On 64bit window machines the registry path is: HKEY_LOCAL_MACHINE\Software\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions

https://support.symantec.com/en_US/article.TECH105814.html

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s