Kaseya Community

Symantec Exclusion

  • I am looking to right a script so that in symantec multi tier (corperate edition, endpoint) I can exclude files and folders. i.e. I want to use radmin on all sites but it flags up a warning message every day that its been found, alotugh it does nothing about it. I dont want this to come up on all of my customers sites.

    Legacy Forum Name: Symantec Exclusion,
    Legacy Posted By Username: Dean Osborne
  • The locations to exclude are located in the registry. The easiest way to achiving this is to create a .reg file which includes all the files/folders to be excluded.

    script:

    Script Name: SAV Exclude Directories WKS
    Script Description: This script configures Symantec AV to excluded listed directories from scanning.

    IF True
    THEN
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\ExcludedByExtensions
    Parameter 2 : 1
    Parameter 3 : REG_DWORD
    OS Type : 0
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : Agent
    OS Type : 0
    Write File
    Parameter 1 : #Agent#\NoScan.reg
    Parameter 2 : VSASharedFiles\SAVNoScan.reg
    OS Type : 0
    Execute Shell Command
    Parameter 1 : c:\windows\regedit.exe /s #Agent#\SAVNoScan.reg
    Parameter 2 : 1
    OS Type : 0
    ELSE


    .reg file would look something like this:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\Storages\Filesystem\RealTimeScan\NoScanDir]
    @=dword:00000000
    "c:\\program files\\logitech\\setpoint\\x86"=dword:00000001


    Your best bet for the registry file is to manually add the files/folders on one computer, then export the key.

    Also, this is likely to only work for unmanaged SAV clients. Managed SAV clients may get this information from the parent server.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen