Summary
This article provides information about how to use the STXMLParser tool to convert 3rd party AV exclusions into importable format for Apex Central policies.
Details
Currently, the tool only supports conversion of Symantec configuration (up to SEPM 14.3MP1 build 1169 – 14.3.1169.0.100). Support for other 3rd-party AV solutions is under development.
To import the exclusion list from 3rd-party AV solutions:
- Download STXMLParser.7z and extract it.
- Get the exported exception list from Symantec and rename it to main.xml (the tool only accepts this file name). The Symantec exception list is a .dat file, before proceeding to the next step, do the following:
- Rename the exported Symantec exception list from <example>.dat to <example>.zip
- Unzip the renamed file, and browse to the extracted folder, you will find the main.xml file.
- Copy the Trend Micro STXMLParser.exe into the same folder path of main.xml
- Double-click STXMLParser.exe or execute it through command line.
- The following files will be created and used for importing.
- Open Apex Central policy and import the CSV file to the exception list:
- application.csv - Used in Behavior Monitoring exception
- dir.csv - Used in Real-Time/Scan Now/Manual Scan settings
- extension.csv - Used in Real-Time/Scan Now/Manual Scan settings
- file.csv - Used in Real-Time/Scan Now/Manual Scan settings
- application.csv - Used in Behavior Monitoring exception
- The following are the limitations of this tool:
- Does not support path prefix variable (such as %Program File%)
- Only those with "ignore" action in the exception list can be converted
- Cannot import Web Reputation white list
- Always exclude the sub-folders of folder exception list
