I do not need a solution (just sharing information)
When an admin adds exceptions in SEPM, the exception list will grow over time and there is no way to identify who created the exception and for what reason.
This may lead to a security risk, as admins will be afraid to remove exceptions for fear of breaking something.
The exception policy should contain a comment and date field next to the excluded file/hash.
This would allow the admin to see the purpose of the Exception and on what date the exclusion was added.
Please vote for this Enhancement request here.
https://www.symantec.com/connect/ideas/exception-l...