Administrators can exclude specific processes, file extensions, and folders from the AntiVirus Auto-Protect component, Tamper Protection, and TruScan, Proactive Threat Protection, or SONAR. In SEP, these exclusions are set through the Centralized Exceptions policy in the SEPM, or directly through the user interface on an unmanaged SEP client. Some Windows server roles require that specific folders and processes be excluded from AntiVirus real-time and scheduled scans, Tamper Protection monitoring, and other heuristic monitoring components. Real-time and scheduled scanning exclusions
Depending on the server's role, creating and applying the correct policies is critical for system performance in the areas of disk I/O and CPU usage. On servers, SEP should be placed in appropriate client groups so that specific management policies and associated exceptions can be applied. The SEP client should be installed on all computers on the network, including servers. Windows servers and the Symantec Endpoint Protection client Symantec strongly recommends that the server hosting the SEPM should have the Full Protection for Clients client installation package installed on it, with all protection technologies enabled. This practice allows SEPM to function at peak efficiency without taking disk space, RAM, CPU, and network bandwidth that could be used more effectively by critical servers. The best practice is for SEPM to reside on a server operating system with high availability that does not serve a critical role.
SEPM provides only management functions, not system protection, and servers with critical roles are likely to need as much as possible of the computer's resources available. Windows servers and Symantec Endpoint Protection Manager (SEPM)Īlthough SEPM can be installed on any Windows operating system that meets the system requirements, installing SEPM on a server with a critical role, such as a Domain Controller or Exchange server, is not recommended.