Support User Manuals

Symantec Security Expressions Server Server User Manual

Open as PDF

of 97

Audit-On-Connect

43

A Subject or Message may contain text such as "Latest SecurityExpressions audit located at

%RESULTLINK%."

Exceptions

Exceptions

Exceptions prevent certain systems from ever getting audited, even if they fall within a scope.

When a system connects to the network, the server software checks all scopes to see if the

system falls within one. If it does, the server software then checks all exceptions to see if the

system is listed in an exception. If it is, the system does not get audited.

To exclude the devices from an audit, you must add them to the Exceptions list through the

Exceptions table. From the table you can Add, Edit or Delete the Exception.

Exceptions Table

Column Description

Type Type of device specification. May be a MAC address, a fully-qualified

domain name, an IP address, or range of IP addresses.

Value The value of Type. You may use the * wild card. You may also enter

IP addresses and IP ranges if you selected Fully Qualified Domain

Name as the type.

Expiration Date Date when audits stop applying this exception. If Never, this

exception does not expire.

Posture Result returned when this device connects to the network.

Description Exception or device description.

Adding Exceptions

To add new Exceptions:

1. Click Add New on the Exceptions page.

2. Select MAC address, Fully-Qualified Domain Name, or IP Address or Range as the Type.

3. Enter the Value.

A MAC address that includes a wild card would be 00-08-74-35-**-** (you can use either

- or : to parse a MAC address). A fully-qualified domain name that includes a wild card

would be *.ids.symantec.com. If entering a range of IP addresses, use a hyphen between

the lowest address and the highest address.

4. Select the Expiration Date from the calendar. This date indicates when audits stop

applying this exception. If you want the Exception enforced indefinitely, select the Never check

box.

5. Identify the Group Posture , such as Pass or Out of Scope, to return when the device

connects to the network.

6. Optionally, type a short Description describing the exception or device.

7. Click Add.

Editing Exceptions

previous next