Endpoint protection Antimalware Policy --> Advanced --> Allow users to exclude files, folders and processes

  • Question

  • Hi,

    We are managing Endpoint Protection on our server machines from the SCCM server Endpoint Protection module.

    As per the recommendation of Microsoft, we have put some files, folders and processes of our Exchange 2016 servers in exclusion by setting "YES" against "Allow users to exclude files, folders and processes" in the Endpoint Protection antimalware policy on the SCCM server, and then added the required paths, files and folders in exclusion at the client end.

    We are planning to schedule a "Full scan" to run on all server machines once a week. We need to confirm whether the "Full scan" will scan the excluded files, folders and processes or will exclude them.

    Thanks

    Tuesday, July 2, 2019 6:41 AM

Answers

  • Hello,

    If you have excluded files and/or folders, they will not be scanned when "Full Scan" is triggered.

    The Full Scan will go into all your files and folders except the ones you have excluded in your policy.

    Regards

    Tuesday, July 2, 2019 7:13 AM
  • Exclude means exclude for all activity, full scans, incremental scans, on-demand scans, and other activity as well.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, July 2, 2019 1:40 PM
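
Because an exclusion applies to every scan type, it is worth reviewing what is actually excluded on each server. The following is an added example, not part of the thread and not Microsoft's own tooling: the function name `Test-ExclusionRisk`, its rules and the sample values are illustrative assumptions, and the live check assumes the client exposes `Get-MpPreference` (the Defender module), which older SCEP clients may not.

```powershell
# Added example: flag antimalware exclusions that are broader than intended.
# The rules below are illustrative assumptions, not an official baseline.
function Test-ExclusionRisk {
    param([string[]]$Path, [string[]]$Extension, [string[]]$Process)

    $riskyExt   = 'exe', 'dll', 'ps1', 'bat', 'cmd', 'vbs', 'js'
    $scriptHost = 'powershell.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe'
    $finding    = { param($t, $v, $r) [pscustomobject]@{ Type = $t; Value = $v; Reason = $r } }

    foreach ($p in $Path) {
        # Expand %VAR% so environment-based entries are judged by their real location
        $full = [Environment]::ExpandEnvironmentVariables($p).TrimEnd('\')
        if     ($full -match '^[A-Za-z]:$')                   { & $finding Path $p 'Entire volume excluded from every scan type' }
        elseif ($full -match '\\(Temp|Users|Downloads)(\\|$)') { & $finding Path $p 'User-writable location excluded' }
        elseif ($full -match '[*?]')                          { & $finding Path $p 'Wildcard widens the exclusion' }
    }
    foreach ($e in $Extension) {
        if ($riskyExt -contains $e.TrimStart('*', '.')) {
            & $finding Extension $e 'Executable or script file type excluded'
        }
    }
    foreach ($x in $Process) {
        $name = ($x -split '\\')[-1]
        if     ($scriptHost -contains $name) { & $finding Process $x 'Files opened by a script host are not scanned' }
        elseif ($x -notmatch '\\')           { & $finding Process $x 'Name-only entry matches that name in any folder' }
    }
}

# Constructed sample input (not taken from the thread)
$sample = @{
    Path      = 'D:\ExchangeDatabases\DB01', 'C:\', '%TEMP%'
    Extension = '.edb', '.ps1'
    Process   = 'C:\Program Files\Microsoft\Exchange Server\V15\Bin\EdgeTransport.exe', 'powershell.exe'
}
Test-ExclusionRisk @sample | Format-Table -AutoSize

# On a client with the Defender module (run elevated), audit the effective settings,
# which include anything added locally on top of the SCCM policy.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $mp = Get-MpPreference
    Test-ExclusionRisk -Path $mp.ExclusionPath -Extension $mp.ExclusionExtension -Process $mp.ExclusionProcess
}
```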

All replies

  • Thanks for the clarification.

    Regards

    Wednesday, July 3, 2019 4:54 AM
  • Thanks for the clarification.

    Regards

    Wednesday, July 3, 2019 4:55 AM
  • Hello Jason,

    I have another confusion regarding "System Center Endpoint Protection", if you can help me out with this:

    After malware is detected and action is taken against that malware, e.g. when I open the "History" tab in the SCEP client, it shows me the detected items under "quarantined items".

    Now, what I need to know is this: if I click on the "Remove" or "Remove all" button, will it delete that particular malware-infected file, or will it only remove the entry from the detected items history in the SCEP client?

    OR

    Do I have to check the path of that quarantined file in the description, then go to that path and delete the file?

    Thanks

    Friday, August 30, 2019 12:01 PM