Symantec Security Expressions Server User Manual

Page 51

Advertising
background image

Audit-On-Connect

43

A Subject or Message may contain text such as "Latest SecurityExpressions audit located at

%RESULTLINK%."

Exceptions

Exceptions

Exceptions prevent certain systems from ever getting audited, even if they fall within a scope.

When a system connects to the network, the server software checks all scopes to see if the
system falls within one. If it does, the server software then checks all exceptions to see if the

system is listed in an exception. If it is, the system does not get audited.

To exclude the devices from an audit, you must add them to the Exceptions list through the

Exceptions table. From the table you can Add, Edit or Delete the Exception.

Exceptions Table

Column Description

Type

Type of device specification. May be a MAC address, a fully-qualified

domain name, an IP address, or range of IP addresses.

Value

The value of Type. You may use the * wild card. You may also enter

IP addresses and IP ranges if you selected Fully Qualified Domain

Name as the type.

Expiration Date

Date when audits stop applying this exception. If Never, this
exception does not expire.

Posture

Result returned when this device connects to the network.

Description

Exception or device description.

Adding Exceptions

To add new Exceptions:

1. Click Add New on the Exceptions page.
2. Select MAC address, Fully-Qualified Domain Name, or IP Address or Range as the Type.
3. Enter the Value.

A MAC address that includes a wild card would be 00-08-74-35-**-** (you can use either

- or : to parse a MAC address). A fully-qualified domain name that includes a wild card
would be *.ids.symantec.com. If entering a range of IP addresses, use a hyphen between

the lowest address and the highest address.

4.

Select the Expiration Date from the calendar. This date indicates when audits stop

applying this exception. If you want the Exception enforced indefinitely, select the Never check
box.
5.

Identify the Group Posture , such as Pass or Out of Scope, to return when the device

connects to the network.
6.

Optionally, type a short Description describing the exception or device.

7.

Click Add.

Editing Exceptions

Advertising
Popular Brands
Popular manuals