Pro 5.1 SP3, Pro 5.1 SP2, Pro 5.1 SP1, Pro 5.1 64 bit SP3, Pro 5.1 64 bit SP2, Pro 5.1 64 bit SP1, Embedded SP3, Embedded SP2, Embedded SP1
Ultimate RC2, Ultimate (x86) 6.0.6000, Ultimate (x64) 6.0.6000, Starter (x86) 6.0.6000, RC2, Home RC2, Home Premium RC2, Home Premium (x86) 6.0.6000, Home Premium (x64) 6.0.6000, Home Basic (x86) 6.0.6000, Home Basic (x64) 6.0.6000, Enterprise RC2, Enterprise 6.0.6000, Business RC2, Business (x86) 6.0.6000, Business (x64) 6.0.6000
Windows Small Business Server 2008
Standard Edition, Premium Edition
Windows Server 2003 R2
Web Edition (x86), Web Edition (x64), Storage Server Edition (x86), Storage Server Edition (x64), Standard Edition (x86), Standard Edition (x64), Enterprise Edition (x86), Enterprise Edition (x64), Datacenter Edition (x86), Datacenter Edition (x64)
GSX Server for Windows
Windows Server 2003
Web Server, Web Edition SP2, Web Edition SP1, Storage Server SP2, Storage Server SP1, Storage Server (x64) SP2, Storage Server (x64) SP1, Storage Server (x64), Storage Server, Standard Server(x64), Standard Server SP2 (x64), Standard Server SP2, Standard Server SP1 (x64), Standard Server SP1, Standard Server, Enterprise SP2(x64), Enterprise SP2, Enterprise SP1(x64), Enterprise SP1(IA64), Enterprise ServerSP1, Enterprise Server, Enterprise (x64), Enterprise (IA64), Datacenter SP2(x64), DataCenter SP2
About managing false positives detected by TruScan proactive threat scans
TruScan proactive threat scans sometimes return false positives. Proactive threat scans look for applications and processes with suspicious behavior rather than known viruses or security risks. By their nature, these scans typically flag the items that you might not want to detect.
For the detection of Trojan horses, worms, or keyloggers, you can choose to use the default action and sensitivity levels that Symantec specifies. Or you can choose to manage the detection actions and sensitivity levels yourself. If you manage the settings yourself, you risk the detection of many false positives. If you want to manage the actions and sensitivity levels, you should be aware of the impact on your security network.
Note: If you change the sensitivity level, you change the total number of detections. If you change the sensitivity level, you might reduce the number of false positives that proactive threat scans produce. Symantec recommends that if you change the sensitivity levels, you change them gradually and monitor the results.
If a proactive threat scan detects a process that you determine is not a problem, you can create an exception. An exception ensures that future scans do not flag the process. Users on client computers can also create exceptions. If there is a conflict between a user-defined exception and an administrator-defined exception, the administrator-defined exception takes precedence.
Ensure that Symantec manages Trojan horse, worm, and keylogger detections.
Antivirus and Antispyware Policies include the Symantec-managed settings. The setting is enabled by default. When this setting is enabled, Symantec determines the actions that are taken for the detections of these types of processes. Symantec also determines the sensitivity level that is used to scan for them.
When Symantec manages the detections, proactive threat scans perform an action that is based on how the scan interprets the detection.
The scan applies one of the following actions to the detection:
The scan uses this action for the detections that are likely to be true threats.
The scan uses this action for the detections that are likely to be false positives.
Note: If you choose to manage the detection action, you choose one action. That action is always used for that detection type. If you set the action to Quarantine, the client quarantines all detections of that type.
Ensure that Symantec content is current.
Verify that the computers that produce false positives have the latest Symantec content. The latest content includes information about processes that Symantec has determined to be known false positives. These known false positives are excluded from proactive threat scan detection.
You can run a report in the console to check which computers are running the latest version of the content.
Create exceptions for the false positives that you discover.
You can create a policy that includes exceptions for the false positives that you discover. For example, you might run a certain process or application in your security network. You know that the process is safe to run in your environment. If TruScan proactive threat scans detect the process, you can create an exception so that future scans do not detect the process.