search cancel

How to create an Application Exception in Symantec Endpoint Protection 14.x.

book

Article ID: 180778

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 From the Symantec Endpoint Protection Manager (SEPM), you'd like to exclude a specific application by its hash to prevent the Symantec Endpoint Protection (SEP) client from scanning it or detecting on it.

Resolution

The following instructions will prevent a particular application from being scanned or detected by SEP. If you know the application's fingerprint (SHA256 hash) you can enter it directly or enable Application Monitoring to allow the SEP client to learn the applications on the machine and then create an exception from the learned list.

Forcing SEP to Learn an Application

This can be done in two different ways:

  1. If you know the name of the application you would like to learn, you can configure SEP clients to monitor that application and learn its fingerprint.
    See Application to Monitor
  2. If you do not know the name of the application and would like to monitor all applications on a client(s), you can configure SEP clients to monitor all applications and learn their fingerprints. This should only be done on a small subset of clients and only temporarily otherwise the list can get very large, very quickly.
    See Collecting information about the applications that endpoints run

Creating an Exception for an Application

  1. Login to the Symantec Endpoint Protection Manager (SEPM) and go to the Policies page.
  2. On the Exceptions Policy page, click Exceptions.
  3. Click Add > Windows Exceptions > Application.
  4. In the View drop-down list, select All, Watched Applications, or User-allowed Applications.
  5. Select the applications for which you want to create an exception.
  6. In the Action drop-down box, select Ignore, or Log only.
  7. Click OK.

Creating an Exception for an Application with the fingerprint (SHA256 hash)

  1. Login to the Symantec Endpoint Protection Manager (SEPM) and go to the Policies page.
  2. On the Exceptions Policy page, click Exceptions.
  3. Click Add > Windows Exceptions > Application.
  4. Click Add an Application by Fingerprint
  5. Enter the Application fingerprint.
  6. Enter the Application name if desired.
  7. In the Specify the action to take on this application , select Ignore, Log Only, Quarantine, Terminate, or Remove.
  8. Click OK.

Additional Information