How to create an Application Exception in Symantec Endpoint Protection 12.1

book

Article ID: 157745

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

What steps are necessary to create an Application Exception in SEP 12.1?

 

Resolution

How to create an Application Exception in SEP 12.1

You can make many exceptions in SEP 12.1 using the Exceptions Policy. Most of these such as File, Folder, or Tamper Protection Exceptions are quite easy to make. Select the appropriate type from Exceptions Policy > Exceptions > Add > Windows Exceptions, then fill in the required information.  This will create the exception straight away and add it to the Exceptions Policy.

 

STEP 1: Adding An Application To Monitor

This article uses Internet Explorer (iexplore.exe) as an example.  PLEASE NOTE IT IS NOT ADVISABLE TO EXCLUDE INTERNET EXPLORER OUTSIDE OF TESTING.

In the Symantec Endpoint Protection Manager (SEPM), choose the Exceptions Policy > Exceptions > Add > Windows Exceptions.  It does not matter at first if you choose Application or Application To Monitor or DNS/Host File Change.  All will bring up the same box.

Click Add An Application To Monitor and enter iexplore.exe - this adds iexplore.exe to the exceptions list.  Note that this is NOT yet the actual exception.

The screenshot below shows iexplore.exe in the Exceptions Policy.  Note the Exception Type this is showing as Application To Monitor. There is currently no exception made for iexplore.exe.

 

 

What actually is happing now is that the SEPM is monitoring and gathering information relating to iexplore.exe from its managed SEP clients.  This process can take several hours. There is no notification when this is complete as the SEPM will monitor iexplore.exe continuously.

 

STEP 2: Making An Application Exception

After a few hours have passed check back in the Exceptions Policy to create the exception.

Select the application you added (iexplore.exe in this case) > Right Click > Add Windows Exceptions > Application.  This time you should notice the application you were monitoring shows up as a Detected Application (see screenshot below). It may be listed once, or (in the case for Internet Explorer) many times. Appearing many times in this instance reflects that IE can be installed in different locations depending on the OS or type of OS e.g. Windows XP, Windows 7, 32-bit, 64-bit.

 

 

To create the exception for Internet Explorer, select all instances (five in this example) and click OK. This will then add five separate exceptions for IE into the Exceptions policy. Note these entries have the Exception Type as Application Exception and not Application To Monitor as before.

 

 

 

You can then select the Action type for each exception e.g. Log Only, Ignore etc

Selecting each exception will display more related information.

 

 

Once you are confident you have all locations of the application accounted for you can remove the entry for Application To Monitor, leaving only the exceptions.

You can use the same process to create DNS/Host File Change Exceptions.

 


Attachments