Auto-Protect on Windows devices does not support more than 1,000 combined filename and/or file path exclusions. As a result, one or more of the following issues may be encountered:
You see this warning message in the Filename or Path section of the Allow List policy.
The number of combined filename and path exclusions exceeds the 1,000 maximum that Auto-Protect on Windows supports. Limit the policy to 1,000 exclusions or less.
You see this error message when trying to add an Auto-Protect item to the Allow List.
You cannot add the selected criteria because Auto-Protect for Windows does not support more than 1000 filenames and paths combined.
When creating a large centralized exception policy in Symantec Endpoint Protection Manager (SEPM), you notice that several Auto-Protect exclusions fail to apply. The following error is seen in vpdebug logs:
<timestamp> AP Exclusion: F:\MSSQL\DATA <timestamp> CSAVRTExclusions::AddDirectoryExclusions -- Could not add Directory based exception!
Symantec Endpoint Security or Symantec Endpoint Protection Windows agent.
Auto-Protect (AP) on Windows devices does not support more than 1,000 combined filename and/or path exclusions in an Allow List or Exception policy.
Allow List and Exceptions policies must be limited to 1,000 or fewer combined AP filename and/or path exclusions on Windows.
Starting March 2024 (2024.03 Refresh), adding more than 1,000 combined filename and path exclusions for Auto-Protect in an Allow List policy will be prevented. The restriction applies to adding exceptions directly in the policy, from the Centralized Allow List or via API. This restriction does not apply when an exception policy is imported from a Symantec Endpoint Protection manager.
Within existing Allow List policies that exceed the limit you can add new filename or path exclusions using one of the below options: