After enrolling the SEPM into the cloud.  The SEPM managed clients began to trigger on files that were already excluded in the Symantec Endpoint Protection Manager (SEPM) exclusion policy.

• Enrolled hybrid SEPM with the cloud.

Symantec is currently investigating this issue.  This KB will be updated when a fix is released.  To work around the issue:

1. Remove the Default Whitelist Policy with policy type "Allow List (SEP 14)" from all SEPM groups in the cloud console.
2. After removal of the cloud policy, allow time for the change to occur on SEPM
3. In the SEPM console, check that the expected exception policies are applied to the correct groups as required.