Users may observe that file types or specific files added to the exclusion list in Symantec Protection Engine (SPE) continue to appear in the logs or generate scan errors. This occurs even when the policy.xml correctly reflects the added exclusions.

SPE 9.x

To verify the file type, SPE must start a file scan, which may generate an error. This initial processing occurs before the engine confirms the file matches an exclusion criteria in the policy.

To verify that exclusions are functioning correctly:

1. Set the SPE log level to INFO to capture bypass events.
2. Restart the SPE service to apply the new log level.
3. Review the logs  and look for Symantec Protection Engine has not scanned the file. events to verify that the file was not scanned.

Note: To reduce overhead and log noise, it is recommended to also add file exclusions on the client side (e.g., NetApp, Isilon, or a third-party application).

Related Content:
Best practices for file type exclusions upstream of Protection Engine for Network Attached Storage
https://knowledge.broadcom.com/external/article/177975

Specifying the local logging level in the Core server only mode
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/9-3-0/Core-server-only-mode/specifying-the-local-logging-level-in-the-core-ser-v128493230-d4995e22731.html#v128493230