Symantec Endpoint Protection

Warning

For remote installation it’s required to disable Antivirus on the target workstation.

Opem Symantec Endpoint Protection Manager

Open Policies -> Exceptions.

../../_images/symantec_1.png

Add an exceptions policy:

../../_images/symantec_2.png

Add StaffCop to exceptions:

Add -> Windows Exceptions -> Known Risks

../../_images/symantec_2_5.png

You will see a list of all known risks. They are alphabetically sorted, you should scroll down to Spyware.Staffcop

../../_images/symantec_3.png

In such a way you should add exceptions for files and folders of Agent:

../../_images/symantec_5.png

Specify the following:

c:\Windows\System32\TimeControlSvc\
c:\Windows\Syswow64\TimeControlSvc\
c:\Windows\System32\Drivers\CaptureFileMonitor64.sys
c:\Windows\System32\Drivers\ProcObsrv64.sys
c:\Windows\temp\agent.msi
c:\Windows\Winexesvc.exe
../../_images/symantec_6.png

Apply the policy on the required workstations.

../../_images/symantec_4.png