How to create an application exception in the Symantec Endpoint Protection Manager

book

Article ID: 180778

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 You'd like to exclude a specific application by its hash to prevent the Symantec Endpoint Protection (SEP) client from scanning it or detecting on it.

Resolution

The following instructions will prevent a particular application from being scanned or detected by SEP. This process is done in two steps. First, a SEP client must "learn" the application (find its "fingerprint", also know as a hash), then secondly, the application must be excluded from scanning, using that fingerprint.

Forcing SEP to Learn an Application

This can be done in two different ways:

  1. If you know the name of the application you would like to learn, you can force SEP clients to monitor that application and learn its fingerprint.
    See Application to Monitor
  2. If you do not know the name of the application and would like to monitor all applications on a client(s), you can force SEP clients to monitor all applications and learn their fingerprint. This should only be done on a small subset of clients and only temporarily otherwise the list can get very large, very quickly.
    See Collecting information about the applications that the client computers run

Creating an Exception for an Application

  1. Login to the Symantec Endpoint Protection Manager (SEPM) and go to the Policies page.
  2. On the Exceptions Policy page, click Exceptions.
  3. Click Add > Windows Exceptions > Application.
  4. In the View drop-down list, select All, Watched Applications, or User-allowed Applications.
  5. Select the applications for which you want to create an exception.
  6. In the Action drop-down box, select Ignore, or Log only.
  7. Click OK.