Automatic FBWF file and registry exclusions for Windows Embedded in Endpoint Protection

book

Article ID: 150126

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

The Symantec Endpoint Protection (SEP) 12.1.6.x and 14.x installer automatically adds the file and registry exclusions for file-based write filters (FBWF). The following exclusions apply to 32-bit and 64-bit operating systems, except where indicated.

File exclusions for FBWF

Symantec Endpoint Protection automatically creates exclusions for the following files:

  • \Program Files (x86)\Symantec\Symantec Endpoint Protection\SEP_Version_Number (64-bit)*
    \Program Files\Symantec\Symantec Endpoint Protection\ SEP_Version_Number (32-bit)*
  • \ProgramData\Symantec\Symantec Endpoint Protection\Version_Number *
  • \Windows\System32\Drivers\SEP\Driver_Version
  • \Windows\ElamBkup\SEP\Driver_Version
  • \ProgramData\Symantec\Symantec Endpoint Protection\PersistedData
  • \Program Files (x86)\Common Files\Symantec Shared (64-bit)
    \Program Files\Common Files\Symantec Shared (32-bit)
  • \ProgramData\SymEFASI
  • \Windows\System32\Drivers\SymEFASI

Where SEP_Version_Number is the SEP version number, and Driver_Version is the SEP driver version number.
 
* Indicates the default installation path. If you installed the SEP client to a custom installation folder, then the exclusion is added for the file in the custom installation folder.
 

Registry key exclusions for FBWF

Symantec Endpoint Protection automatically creates exclusions for the following registry keys:

  • HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection
  • HKLM\SOFTWARE\Wow6432Node\Symantec\SharedDefs (64-bit)
    HKLM\SOFTWARE\Symantec\SharedDefs (32-bit)
  • HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec AntiVirus (64-bit)
    HKLM\SOFTWARE\Symantec\Symantec AntiVirus (32-bit)
  • HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection (64-bit)
    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection (32-bit)
  • HKLM\SYSTEM\CurrentControlSet\Services\SepMasterService
  • HKLM\SYSTEM\CurrentControlSet\services\BHDrvx64 (64-bit)
    HKLM\SYSTEM\CurrentControlSet\services\BHDrvx86 (32-bit)
  • HKLM\SYSTEM\CurrentControlSet\services\IDSVia64 (64-bit)
    HKLM\SYSTEM\CurrentControlSet\services\IDSVia86 (32-bit)
  • HKLM\SYSTEM\CurrentControlSet\services\IDSxpa64 (64-bit)
    HKLM\SYSTEM\CurrentControlSet\services\IDSxpa86 (32-bit)
  • HKLM\SYSTEM\CurrentControlSet\services\NAVENG
  • HKLM\SYSTEM\CurrentControlSet\services\NAVEX15
  • HKLM\SYSTEM\CurrentControlSet\services\SNAC
  • HKLM\SYSTEM\CurrentControlSet\services\SRTSP
  • HKLM\SYSTEM\CurrentControlSet\services\SRTSPX
  • HKLM\SYSTEM\CurrentControlSet\services\SYMNETS
  • HKLM\SYSTEM\CurrentControlSet\services\SYMTDI
  • HKLM\SYSTEM\CurrentControlSet\services\SYMTDIV
  • HKLM\SYSTEM\CurrentControlSet\services\SepMasterServiceMig
  • HKLM\SYSTEM\CurrentControlSet\services\SyDvCtrl
  • HKLM\SYSTEM\CurrentControlSet\services\SymEFASI
  • HKLM\SYSTEM\CurrentControlSet\services\SymELAM
  • HKLM\SYSTEM\CurrentControlSet\services\SymEPSecFlt
  • HKLM\SYSTEM\CurrentControlSet\services\SymEvent
  • HKLM\SYSTEM\CurrentControlSet\services\SymIRON
  • HKLM\SYSTEM\CurrentControlSet\services\SysPlant
  • HKLM\SYSTEM\CurrentControlSet\services\Teefer2
  • HKLM\SYSTEM\CurrentControlSet\services\ccSettings_{GUID}

Where GUID is the GUID of ccSettings.