Symantec Security Expressions Server Server User Manual


 
Audit-On-Connect
43
A Subject or Message may contain text such as "Latest SecurityExpressions audit located at
%RESULTLINK%."
Exceptions
Exceptions
Exceptions prevent certain systems from ever getting audited, even if they fall within a scope.
When a system connects to the network, the server software checks all scopes to see if the
system falls within one. If it does, the server software then checks all exceptions to see if the
system is listed in an exception. If it is, the system does not get audited.
To exclude the devices from an audit, you must add them to the Exceptions list through the
Exceptions table. From the table you can Add, Edit or Delete the Exception.
Exceptions Table
Column Description
Type Type of device specification. May be a MAC address, a fully-qualified
domain name, an IP address, or range of IP addresses.
Value The value of Type. You may use the * wild card. You may also enter
IP addresses and IP ranges if you selected Fully Qualified Domain
Name as the type.
Expiration Date Date when audits stop applying this exception. If Never, this
exception does not expire.
Posture Result returned when this device connects to the network.
Description Exception or device description.
Adding Exceptions
To add new Exceptions:
1. Click Add New on the Exceptions page.
2. Select MAC address, Fully-Qualified Domain Name, or IP Address or Range as the Type.
3. Enter the Value.
A MAC address that includes a wild card would be 00-08-74-35-**-** (you can use either
- or : to parse a MAC address). A fully-qualified domain name that includes a wild card
would be *.ids.symantec.com. If entering a range of IP addresses, use a hyphen between
the lowest address and the highest address.
4. Select the Expiration Date from the calendar. This date indicates when audits stop
applying this exception. If you want the Exception enforced indefinitely, select the Never check
box.
5. Identify the Group Posture , such as Pass or Out of Scope, to return when the device
connects to the network.
6. Optionally, type a short Description describing the exception or device.
7. Click Add.
Editing Exceptions