I am using Symantec Endpoint Protection 12.1 RU6 MP5 and want to confirm that the file and folder exceptions that Microsoft recommends for Windows servers and WS are being applied. After reading some threads on the forums, I see that SEP is supposed to sense what type of Windows host it is on and add appropriate exclusions. Also, Symantec Best Practices (TECH02440) says that you should confirm that the exclusions have been applied by looking at:
HKLM\Software\WOW6432node\Symantec\Symantec Endpoint Protection\AV\Exclusions
When I do this on a standard WS, I don't see the exclusions that Microsoft recommends in their KB 822158. Specifically I don't see the exclusions for Windows update and Automatic update files such as the Windows Software Distribution Datastore directory (%windir%\SoftwareDistribution\Datastore) or various MS security files in the %windir%\Security\Database path such as:
*.edb, *.sdb, *.log, *.chk, *.jrs
as well as a number of other files and directories that MS recommends be excluded from AV scanning.
I DO see that if I install SEP on a Domain Controller that there is a new key under HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions that is called Domain Controller, so SEP apparently recognizes that it is on a Windows 2012 R2 domain controller.
What key under Exclusions in the Registry would I expect to see the exclusions I mention above?
Also, it appears that I can only globally add exclusions in SEPM? I can't change exclusions at a client folder group level?
Thanks,
Dan
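
One way to run the check described in the post, as an added example (not from the original post or from Symantec): a PowerShell script that walks the Exclusions key named above and reports whether the two directories the post mentions appear anywhere beneath it. It assumes exclusions are stored as subkey names or readable string values, which the post does not confirm; `Get-RegistryStrings` is a helper name introduced here.

```powershell
# Added example. The key path and the two directory fragments come from the post above.
$root = 'HKLM:\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions'
$expected = @(
    'SoftwareDistribution\Datastore',   # Windows Update datastore
    'Security\Database'                 # security database files
)

function Get-RegistryStrings {
    # Hypothetical helper: emits every subkey name and every string value under $Path.
    param([Parameter(Mandatory)][string]$Path)
    $keys = @(Get-Item -LiteralPath $Path -ErrorAction Stop) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        [pscustomobject]@{ Key = $key.Name; Name = '(key name)'; Text = $key.PSChildName }
        foreach ($name in $key.GetValueNames()) {
            # Keep %windir%-style variables unexpanded so they can be compared as written.
            $value = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            foreach ($item in @($value)) {          # handles REG_SZ and REG_MULTI_SZ
                if ($item -is [string]) {
                    [pscustomobject]@{ Key = $key.Name; Name = $name; Text = $item }
                }
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $root)) {
    Write-Warning "Exclusions key not found: $root"
    return
}

$entries = @(Get-RegistryStrings -Path $root)
foreach ($fragment in $expected) {
    # Case-insensitive substring match, so expanded and unexpanded paths both hit.
    $hits = @($entries | Where-Object {
        $_.Text.IndexOf($fragment, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })
    [pscustomobject]@{
        Fragment = $fragment
        Found    = ($hits.Count -gt 0)
        Where    = ($hits | ForEach-Object { "$($_.Key) [$($_.Name)]" }) -join '; '
    }
}
```

A `Found = False` result only shows that no readable string under the key contains the fragment; binary or encoded values are skipped by this script.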