search cancel

Folder Exception only shows Application Control for Scan type

book

Article ID: 219385

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You have hybrid management where the On-Prem SEPM bridged with the Cloud.  The On-Prem SEPM Folder Exception only show Application Control for Specify the type of scan that excludes this folder.

Environment

14.3.x

Cause

When you bridged the On-Prem SEPM to the Cloud, the process will allow you to define where you can manage the policies.  The Option Manage Policies from the Cloud indicates which console (On-Prem or Cloud) manages your policies.  If the option Manage Policies from the Cloud is enabled, the Cloud console will manage all the Exception Policy which restrict you from creating Folder Exception with different type of scan. 

Resolution

If you would like to revert the policy control back to the On-Prem SEPM, you will have to Unenrolled and Reenrolled with the Manage Policies from the Cloud disabled.

1. Unenroll the On-Prem SEPM from the Cloud.

Note: Wait approximately half an hour before Reenroll.

2. Obtain Enrollment Token

  • Log on to the Integrated Cyber Defense Manager console

https://sep.securitycloud.symantec.com/v1/#/landing

  • Click Integration

  • Click Enrollment

  • Copy the Enrollment Token to Clipboard

  • Transfer the Enrollment Token to the SEPM Server

3. Enroll On-Prem SEPM to the Cloud

  • Login to the On-Prem SEPM
  • Click on Cloud option.
  • Paste the Enrollment Token that you obtained from the Integrated Cyber Defense Manager console.
  • Click Enroll Symantec Endpoint Protection Manger

4. After you enrolled with the Integrated Cyber Defense Manager console, you enabled/disabled the Manage Devices from the Cloud and/or Manage Policies from the Cloud under Enrollment.

Note:

  • The Manage Device from the Cloud is enabled by default.  You can’t disabled the option until after the On-Prem SEPM enrolled.
  • The Manage Policies from the Cloud is disabled by default. If you enable this option and then later want to disable this option, you must unenrolled the Symantec Endpoint Protection Manager from the cloud, then re-enroll it.

5. After the Manage Policies from the Cloud has been disabled, you will have control back to the Folder Exception Policy

  • Login to the On-Prem SEPM
  • Click on Polices
  • Select Exception Policies
  • Edit or Create a new Exception Policy
  • Click Exceptions from the Exceptions Policy
  • Click Add  > Windows Exceptions > Folders

 

Additional Information

Review document below for detail on the Symantec Endpoint Protection Manager enrollment settings
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Settings/enrollment-v133611998-d4155e28616.html

Attachments