SoftActivity Monitoring Software blog

Setup Activity Monitor with Symantec Endpoint Protection 11/12

If you have Symantec Endpoint Protection installed on your company computers, it may detect a threat/risk in Activity Monitor and Agent and delete them. To avoid this, you need to set up Exceptions in Symantec Endpoint. It will then ignore the presence of Activity Monitor, allow monitoring of computers in your office network, and will not notify users. The steps below add these Centralized Exceptions in Symantec Endpoint Protection:

  • Spyware.ActivMonAgent
  • Spyware.ActMon
  • Folder on monitored computers: C:\Windows\sysnchrb
  • Folder where Activity Monitor main console is installed: “C:\Program Files (x86)\SoftActivity\Activity Monitor\” (on Windows 64-bit) or “C:\Program Files\SoftActivity\Activity Monitor\” (on Windows 32-bit)

If you use Symantec in Unmanaged Clients mode, you need to add these exceptions on each workstation where you are going to install Agent and on the workstation or server where you install Activity Monitor. If you use Managed Clients mode in Symantec, you need to add the exceptions only once, in Endpoint Protection Manager on the server. This is the preferred mode and makes adding exceptions to all client computers much easier.

You need to add the exceptions on computers where you are planning to install Activity Monitor and Agent before the installation. If you add exclusions after installation, you may need to reinstall Activity Monitor, as it could already have been damaged by the antivirus. If Symantec detects a risk in Activity Monitor/Agent files, it will ask the user to choose an action. In this case you can right-click it and click Exclude.

1. Open Symantec Endpoint Protection. Click the Change Settings tab, then click the Configure Settings button next to Centralized Exceptions:

Symantec Endpoint Protection settings window

2. In the Centralized Exceptions window, click the Add… button, then Security Risk Exceptions, Known Risks:

Centralized Exceptions window in Symantec Endpoint

3. Scroll through the list of known risks and select:

  • Spyware.ActivMonAgent
  • Spyware.ActMon

Then click OK:

Activity Monitor exceptions in Symantec

4. You should now have these two exceptions set to ignore:

Exceptions to ignore Activity Monitor

5. Starting from Activity Monitor version 7.0, we recommend excluding this folder on monitored computers with Agent: C:\Windows\sysnchrb
This helps to avoid detection of any threats in Agent in the future with new updates of Symantec Endpoint.

6. After this you can install Activity Monitor or Agent on this computer with exceptions set up.

7. If you did not set up the exceptions and try to install Activity Monitor or Agent, Symantec will show a warning that it detected the Spyware.ActMon or Spyware.ActivMonAgent risk. Click the Details button and make sure that this risk was found in Activity Monitor files, i.e. the folder is C:\Program Files\SoftActivity. Then click Other Actions and select Exclude. Alternatively, right-click individual risks and select Exclude:

Exclude Activity Monitor risk in Symantec
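
Files in an excluded folder are no longer inspected by the scanner, so it is worth confirming that only administrative accounts can write to the folders excluded above. The following PowerShell check is an added example, not part of Activity Monitor or Symantec; the folder paths come from this page, while the list of trusted principals and the set of rights treated as "write" are assumptions to adjust for your environment.

```powershell
# Added example: audit write access on the folders excluded from scanning.
# Paths are the ones listed on this page.
$excluded = @(
    'C:\Windows\sysnchrb',
    'C:\Program Files (x86)\SoftActivity\Activity Monitor',
    'C:\Program Files\SoftActivity\Activity Monitor'
)

# Principals expected to hold write access (assumption, adjust as needed).
$trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that let a principal add, replace or re-permission files.
# Read bits are left out on purpose so read-only ACEs do not match.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits: GENERIC_WRITE, GENERIC_ALL.
$mask = [int]$rights -bor 0x40000000 -bor 0x10000000

foreach ($path in $excluded) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "SKIP  $path (not present on this machine)"
        continue
    }

    $acl = Get-Acl -LiteralPath $path
    $risky = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $mask) -ne 0
    }

    if ($risky) {
        foreach ($ace in $risky) {
            Write-Output "WARN  $path writable by $($ace.IdentityReference.Value): $($ace.FileSystemRights)"
        }
    } else {
        Write-Output "OK    $path (write access limited to trusted principals)"
    }
}
```

Run it from an elevated prompt on a monitored computer and on the console machine; any WARN line names an account whose write access to an unscanned folder should be removed or justified.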
