About SEP automatic exclusion of files and folders for Microsoft Exchange server and Symantec products
search cancel

About SEP automatic exclusion of files and folders for Microsoft Exchange server and Symantec products


Article ID: 177306


Updated On:


Mail Security for Microsoft Exchange


Symantec Mail Security for Microsoft Exchange (SMSMSE) 6.x is installed on the same Server as Symantec Endpoint Protection (SEP) Client and it is necessary to know if the automatic exclusions are in place.


SMSMSE 6.x folders are not automatically excluded by the SEP automatic exclusion system

If installing SMSMSE 6.x, one directory needs to be excluded manually.
Assuming a default installation path for Mail Security:

C:\Program Files\Symantec\SMSMSE\6.0\Server\
      or on 64-bit systems
C:\Program Files (x86)\Symantec\SMSMSE\6.0\Server\
The actual path to the above directory can vary, depending on custom installations, and will need to be set up accordingly.

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 11 can be used to create centralized exceptions of the 'folder' type for the Server folder


See reference below for more information.

For reference here Page 410 - SEP Administrator Manual:

If Microsoft Exchange servers are installed on the computer where the Symantec Endpoint Protection client is installed, the client software automatically detects the presence of Exchange.
When the client software detects a Microsoft Exchange server, it creates the appropriate file and folder exclusions for File System Auto-Protect and all other scans.

Microsoft Exchange servers can include clustered servers. The client software checks for changes in the location of the appropriate Exchange files and folders at regular intervals.

If installing Exchange on a computer where the client software is already installed, the exclusions are created when the client checks for changes.

The client excludes both files and folders; if a single file is moved from an excluded folder, the file remains excluded.

The client software creates file and folder scan exclusions for the following Microsoft Exchange server versions:

  • Exchange 2000
  • Exchange 2003
  • Exchange 2007
  • Exchange 2010

For Exchange 2007, see the user documentation for information about compatibility with antivirus software. It may be necessary to create scan exclusions for some Exchange 2007 folders manually.
For example, if servers are clustered or non-default locations for folders are in use, exclusions must be created.

Preventing Symantec Endpoint Protection from scanning the Microsoft Exchange 2007 directory structure

Note: To see the exclusions that the client creates, examine the contents of the HKEY_LOCAL_MACHINE\Software\Symantec\Symantec Endpoint Protection\AV\Exclusions registry key. Do not edit this registry key directly. It is possible to configure any additional exclusions by using centralized exceptions.
The client does not exclude the system temporary folders from scans because doing so can create a significant security vulnerability on a computer.