This document explains where in the registry Symantec Endpoint Protection (SEP) records information about excluded files and folders.
SEP 14.3 and earlier.
When an exclusion is created for a file or folder, Symantec Endpoint Protection (SEP) creates the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\FileName\Admin
The file exclusion defined by Symantec Endpoint Protection Manager (SEPM) will be stored under this key.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\FileName\Client
The customized file exclusion will be stored under this key.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Admin
The directory exclusion defined on SEPM will be stored under this key.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines\Directory\Client
The customized directory exclusion will be stored under this key.
SEP creates a ten-digit key for every excluded file or directory, and its value is unique.
If a file or folder has the same path on different clients, it will have the same ten-digit key under the Admin or Client key on each of them.
In SEP 14.3 RU1 and later, exclusions are no longer viewable in the registry.
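To audit which exclusions a client carries, the keys listed above can be enumerated with PowerShell. This is an added example, not code from Symantec or the original article; reading both registry views on 64-bit Windows is an assumption, and no value names are assumed inside the ten-digit keys.

```powershell
# Added example: list SEP file/folder exclusions from the registry (SEP 14.3 and earlier).
# Key paths are the four listed above. Value names inside each ten-digit key are not
# documented on the page, so every value is dumped as found.
$base    = 'SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\ScanningEngines'
$types   = 'FileName', 'Directory'
$origins = 'Admin', 'Client'   # Admin = defined on SEPM, Client = customized exclusion

# Assumption: on 64-bit Windows the keys may sit in either registry view, so read both.
$views = if ([Environment]::Is64BitOperatingSystem) {
    [Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32
} else {
    [Microsoft.Win32.RegistryView]::Default
}

$found = foreach ($view in $views) {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    try {
        foreach ($type in $types) { foreach ($origin in $origins) {
            $key = $hklm.OpenSubKey("$base\$type\$origin")
            if ($null -eq $key) { continue }   # key absent in this view
            try {
                foreach ($id in $key.GetSubKeyNames()) {
                    $sub = $key.OpenSubKey($id)
                    if ($null -eq $sub) { continue }
                    try {
                        $vals = foreach ($n in $sub.GetValueNames()) {
                            '{0}={1}' -f $n, ($sub.GetValue($n) -join ',')
                        }
                    } finally { $sub.Dispose() }
                    [pscustomobject]@{ View = $view; Type = $type; Origin = $origin
                                       Id = $id; Values = $vals -join '; ' }
                }
            } finally { $key.Dispose() }
        } }
    } finally { $hklm.Dispose() }
}

if ($found) {
    $found | Sort-Object Type, Origin, Id | Format-List
} else {
    # Either no exclusions are configured or the client is SEP 14.3 RU1 or later.
    'No exclusion entries found under the listed keys.'
}
```

Because the same path produces the same ten-digit key on every client, the Id field can be compared across machines. Entries with Origin Client are the customized exclusions rather than those defined on SEPM.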
Verify if an Endpoint Client has Automatically Excluded an Application or Directory