search cancel

Preventing SEP from scanning files accessed by a trusted process.


Article ID: 199534


Updated On:


Endpoint Protection


A performance or deadlock issue which has no vendor-specific solution may be resolved if Symantec Endpoint Protection (SEP) Auto-Protect is configured to skip scanning of files accessed by a third-party process.


SEP is designed to scan each and every I/O on the file system.


To reduce potential for impact where a third-party process on an endpoint may have competing I/O, if this process is implicitly trusted it can be set as a trusted process.

  1. Under the Policies tab, select Virus and Spyware Protection
  2. Click the policy you would like to modify, and select Edit the policy, or Add a Virus and Spyware Protection Policy
  3. Click Auto-Protect on the left-hand side
  4. Under Scanning within the Scan Details tab, click Advanced Scanning and Monitoring...
  5. Ensure the box marked Do not scan files when trusted processes access the files is checked
  6. Check the box marked Enable custom list
  7. Click Customize process list...
  8. Click Add...
  9. Enter in the name of the process without the path (e.g. ClMgrS.exe), and click OK
  10. Click OK three more times to save the changes

You may now apply the policy to a group and confirm the updated policy resolves the issue.

Additional Information

  • As of SEP 14.3 RU2, Auto-Protect Custom Process List is only supported in Windows. If you want Auto-Protect Custom Process List to be supported in other operating systems such macOS and Linux, please send us an enhancement request.
  • Auto-Protect Custom Process List is some times referred as "Real-time protection process exclusion list"