You would like to create a Security Risk Exception for a Symantec Endpoint Protection for Macintosh client from the SEPM.
NOTE: In SEP for Macintosh (as of SEP 11 RU6) Centralized Exceptions are honored only by AutoProtect scans.
See: Centralized Exceptions set for Macintosh clients do not seem to be respected for scheduled or manual scans
Follow the steps below to add a custom Security Risk Exception for a Mac client from the SEPM.
To complete this process and exclude this file/location from real time scanning by Auto-Protect, you must also perform the additional step:
Technical Information
Debugging:
Debugging Sylink communications with Symantec Endpoint Protection for Macintosh (SEP for Mac)
You can verify receipt of policy at the SEP for Macintosh client by turning on smc debugging, and examining the smc_debug.log, found in /Library/Application Support/Symantec/SMC/debug/
Confirm Macintosh File System AutoProtect general options by searching for ApScanOptions:
<ApScanOptions WhereToScanFiles="SCAN_EVERWHERE">
<ApScanOptions WhereToScanFiles="SCAN_EXCEPT_IN">
<ApScanOptions WhereToScanFiles="SCAN_ONLY_IN">
<ApScanOptions WhereToScanFiles="DO_NOT_SCAN">
... and confirm Centralized Exception Details by searching for MacGlobalExceptionName
Prefix variables and wildcards:
[HOME] = any user's home directory (/Users/username/); applies also to the root home directory (/var/root/)
[APPLICATION] = the Applications directory = /Applications/
[LIBRARY] = /Library/
When using prefix variables, the slash after the variable is unnecessary. For example, to exclude a test folder on the user's desktop:
%[HOME]%Desktop/test
As well as the prefix choices, SEP for Macintosh supports a range of wildcard matches:
* (asterisk) matches zero or more characters.
? matches a single character.
NOTE: In older versions of SEP for Mac, exception wildcards would match all characters, including slashes in a file path. This made it possible to construct exceptions that covered a broad selection of files. For example, /*.mdb would exclude the scanning of all .mdb files under all paths. As of SEP 12.1 RU6, wildcards do not match slashes, and the /*.mdb example would only match .mdb files at the root of the file system. To match files at depths up to n levels, the previous example will need to be replaced with a group of n different exceptions, e.g. for four levels: /*.mdb, /*/*.mdb, /*/*/*.mdb, and /*/*/*/*.mdb
Excluding ALL files in a folder and all subfolders is always done with a folder exclusion, e.g. /Users/*/UserDatabaseFiles/ will exclude all the UserDataBase files and subfolders in all user profiles. If the trailing slash is omitted, the exception will additionally match any file named "UserDatabaseFiles" in the root of user profiles.
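The wildcard and trailing-slash rules above, modelled in Python as an added example (not Symantec code; the function names are hypothetical, prefix variables are not handled, and it assumes ? also stops at slashes as of SEP 12.1 RU6). It shows which of a set of constructed sample paths a planned exception list would exclude under the older and the newer matching behaviour:

```python
import re

def compile_exception(pattern, legacy=False):
    """Turn an exception path into a regex following the rules on this page.
    legacy=True models older clients, where wildcards also matched '/'."""
    star, qmark = (".*", ".") if legacy else ("[^/]*", "[^/]")
    is_folder = pattern.endswith("/")
    body = "".join(
        star if ch == "*" else qmark if ch == "?" else re.escape(ch)
        for ch in pattern.rstrip("/")
    )
    # Trailing slash: only the folder's contents (files and subfolders).
    # No trailing slash: the contents, plus a file with exactly that name.
    tail = "/.*" if is_folder else "(/.*)?"
    return re.compile(body + tail, re.DOTALL)

def is_excluded(path, pattern, legacy=False):
    return compile_exception(pattern, legacy).fullmatch(path) is not None

def exceptions_to_depth(filename_glob, levels):
    """One exception per directory level: /*.mdb, /*/*.mdb, ..."""
    return ["/" + "*/" * depth + filename_glob for depth in range(levels)]

def excluded_paths(paths, patterns, legacy=False):
    """Subset of paths that AutoProtect would skip for these exceptions."""
    return [p for p in paths
            if any(is_excluded(p, pat, legacy) for pat in patterns)]

# Constructed sample paths, for illustration only.
SAMPLE_PATHS = [
    "/top.mdb",
    "/data/archive/2014/old.mdb",
    "/a/b/c/d/e/deep.mdb",
    "/Users/alice/UserDatabaseFiles/db/main.sqlite",
    "/Users/bob/UserDatabaseFiles",
]

if __name__ == "__main__":
    four_levels = exceptions_to_depth("*.mdb", 4)
    print("legacy /*.mdb :", excluded_paths(SAMPLE_PATHS, ["/*.mdb"], legacy=True))
    print("12.1 RU6 /*.mdb:", excluded_paths(SAMPLE_PATHS, ["/*.mdb"]))
    print("four levels    :", excluded_paths(SAMPLE_PATHS, four_levels))
    print("folder, slash  :",
          excluded_paths(SAMPLE_PATHS, ["/Users/*/UserDatabaseFiles/"]))
    print("folder, no '/' :",
          excluded_paths(SAMPLE_PATHS, ["/Users/*/UserDatabaseFiles"]))
```

Running a policy's exception list through a model like this before and after a client upgrade shows which paths silently fall back into scanning and which exceptions are broader than intended.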