Excluding Microsoft Teams from SEP scan
Article ID: 237067
Updated On:
Products
Issue/Introduction
The SEP (Symantec Endpoint Protection) or SES (Symantec Endpoint Security) Agent may interfere with the Microsoft Teams app, and it can prevent the application from starting correctly.
Environment
SEP
MS Teams
Resolution
To prevent SEP/SES from interfere with Microsoft Teams, Add the following Exclusions
- C:\Users\*\AppData\Local\Microsoft\Teams\current\teams.exe
- C:\Users\*\AppData\Local\Microsoft\Teams\update.exe
- C:\Users\*\AppData\Local\Microsoft\Teams\current\squirrel.exe
Wild card (*) is not supported. We recommend to use the Prefix variable [USER_PROFILE] which will correspond to all the users.
Examples:
On-Prem SEPM
SES-ICDM
New Teams
The MSIX installer installs the new Teams app in the WindowsApps:
To prevent issues with starting the new Teams app, add the following processes to the exclusion list in the antivirus software that you’re using:
- ms-teams.exe
- ms-teamsupdate.exe
Microsoft suggest to exclude these process to be scanned. The name of the folder where the new Teams app is installed is dynamic and it changes when the app’s version is updated.
The folder name begins with MSTeams_, ends with _8wekyb3d8bbwe, and includes the app’s version number in between.
For example, MSTeams_23247.1112.2396.409_x64_8wekyb3d8bbwe.
If you want to use wildcard, to match future MS Team`s version, you can apply the exception using wildcard, but only to exclude for AV scan.
If you want to exclude the process from SONAR and App Control, then full patch should be used and updated each time a new MS Team is released.
Additional Information
Configuring Exceptions policies in Endpoint Protection Manager
https://knowledge.broadcom.com/external/article?articleId=156028
How to include or exclude Teams from antivirus or DLP applications
https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/teams-administration/include-exclude-teams-from-antivirus-dlp
Feedback
