ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Preventing SEP from scanning files accessed by a trusted process.

book

Article ID: 199534

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

A performance or deadlock issue which has no vendor-specific solution may be resolved if Symantec Endpoint Protection (SEP) Auto-Protect is configured to skip scanning of files accessed by a third-party process.

Cause

SEP is designed to scan each and every I/O on the file system.

Resolution

To reduce potential for impact where a third-party process on an endpoint may have competing I/O, if this process is implicitly trusted it can be set as a trusted process.

  1. Under the Policies tab, select Virus and Spyware Protection
  2. Click the policy you would like to modify, and select Edit the policy, or Add a Virus and Spyware Protection Policy
  3. Click Auto-Protect on the left-hand side
  4. Under Scanning, click Advanced Scanning and Monitoring...
  5. Ensure the box marked Do not scan files when trusted processes access the files is checked
  6. Check the box marked Enable custom list
  7. Click Customize process list...
  8. Click Add...
  9. Enter in the name of the process without the path (e.g. ClMgrS.exe), and click OK
  10. Click OK three more times to save the changes

You may now apply the policy to a group and confirm the updated policy resolves the issue.

Additional Information

  • As of SEP 14.3 RU2, Auto-Protect Custom Process List is only supported in Windows. If you want Auto-Protect Custom Process List to be supported in other operating systems such macOS and Linux, please send us an enhancement request.
  • Auto-Protect Custom Process List is some times referred as "Real-time protection process exclusion list"

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/Dialog-Overview/virus-and-spyware-protection-dialog/advanced-scanning-and-monitoring-v43669135-d49e10797.html

https://knowledge.broadcom.com/external/article?legacyId=TECH251022