In Symantec Endpoint Protection (SEP), folder exceptions for mapped network drives do not work as you expect, and exhibit the following behavior:

• Excluding the root of a mapped drive (e.g. the drive letter) causes detections on all mapped drives to stop when any file is written to the excluded drive.
• Excluding a sub-folder of a mapped drive does not work if the drive is not mapped to the root of the share. For example, mapping \\server\share\folder1 to X: does not respect exceptions for X:\folder2 (UNC path: \\server\share\folder1\folder2).

This is partially fixed in SEP 12.1 RU6 MP4.  Exclusions for the root of a mapped drive will work as expected in that version, but mapping drive letters to sub-folders of shares should still be avoided. All mapped drive exclusion issues were fully fixed in SEP 14.0.

Solution: upgrade to newest verision of SEP 12.1.x for partial fix, or upgrade to SEP 14.0 to resolve all mapped drive exclusion issues.

The full fix in SEP 14.0 should eventually be backported into SEP 12.1.x; this article will be updated as new information becomes available.

Workarounds:

• Set exceptions for sub-folder(s) on the mapped drive, rather than the root drive. This is necessary only in SEP versions 12.1 RU6 MP3 or older.
   
• Avoid mapping drive letters to sub-folders of shares.  For example, map drive X: to //server/share rather than //server/share/folder1.
  This issue is addressed in SEP 14.0