Endpoint Protection


Centralized exceptions

  • 1.  Centralized exceptions

    Posted Sep 17, 2012 06:09 AM

    Hi,

    One of my centralized exceptions is not working correctly. I added it on the server, but on the client it is not showing and is getting blocked by SEP. I need to add it individually for each client. Please help to solve this.



  • 2.  RE: Centralized exceptions

    Posted Sep 17, 2012 06:18 AM

    Hi,

    Configuring a centralized exception for a folder for Windows clients

    http://www.symantec.com/business/support/index?page=content&id=HOWTO27612

    Please check whether the policy serial number is the same on both sides or not.



  • 3.  RE: Centralized exceptions

    Posted Sep 17, 2012 06:22 AM

    Hi,

    I need to add one exe; I do know how to add the prefix for that file.



  • 4.  RE: Centralized exceptions



  • 5.  RE: Centralized exceptions

    Posted Sep 17, 2012 06:42 AM

    Hi,

    I tried all these articles already, but can't get any idea; I'm just a bit confused...

    I want to add the prov.exe file so that it is excepted.

    This file can be in any location on the system.



  • 6.  RE: Centralized exceptions

    Posted Sep 17, 2012 06:55 AM


  • 7.  RE: Centralized exceptions

    Posted Sep 17, 2012 06:58 AM

    Hi,

    But this exe is not a standard one; this is our dynamic PSK file for wireless.



  • 8.  RE: Centralized exceptions

    Posted Sep 17, 2012 07:01 AM

    Hi,

    I think you have already raised one thread for the same problem:

    https://www-secure.symantec.com/connect/forums/centralized-exceptions-11



  • 9.  RE: Centralized exceptions

    Posted Sep 17, 2012 07:07 AM

    Yep, but there was no action at our side, so I raised it again to fix this issue once and for all.



  • 10.  RE: Centralized exceptions

    Posted Sep 17, 2012 07:31 AM

    Hi,

    I have given one suggestion: you have this thread and follow the old thread.

    Please provide all information to Mithun as per the last comments.

     

    Mithun Sanghavi Symantec Employee Technical Support Accredited

    Hello,

    Have you received a Tracking number? If yes, please PM me the Tracking number and let me check the same.

    Hope that helps!!

     



  • 11.  RE: Centralized exceptions

    Trusted Advisor
    Posted Sep 17, 2012 07:35 AM

    Hello,

    Could you tell us the reason you want "prov.exe" under centralized exceptions?

    Is Symantec detecting it as a Threat?

    Which component of SEP 12.1 is detecting it as a Threat?

    When you say "is getting blocked by SEP", does that mean the traffic / packets generated from "prov.exe" are being blocked?

    If yes, then work on this Article: 

    How to add an exception for Intrusion Prevention Policy to allow a specific ID through Symantec Endpoint Protection Manager

    http://www.symantec.com/docs/TECH97176

    Hope that helps!!



  • 12.  RE: Centralized exceptions

    Posted Sep 17, 2012 04:01 PM

    Did you try just adding the file name (prov.exe) to the central exception policy? That should be all that's needed.

    Did you confirm the client then downloaded the updated policy?



  • 13.  RE: Centralized exceptions

    Posted Sep 18, 2012 12:48 AM

    Hi,

    The traffic is not getting blocked. The exe itself is identified as Bloodhound.Sonar.9 and the process is application heuristics.



  • 14.  RE: Centralized exceptions

    Posted Sep 18, 2012 12:50 AM

    Hi,

    I checked the policy number; both are the same and the client can download the policy.



  • 15.  RE: Centralized exceptions
    Best Answer

    Trusted Advisor
    Posted Sep 18, 2012 12:58 AM

    Hello,

    Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes.

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

    Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

    Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

    Hope that helps!!



  • 16.  RE: Centralized exceptions

    Posted Sep 18, 2012 02:10 AM

    Now I have submitted that exe there but have not received any tracking number; only a confirmation was received.



  • 17.  RE: Centralized exceptions

    Trusted Advisor
    Posted Sep 18, 2012 02:38 AM

    Hello,

    So, you received the confirmation email with the subject line Tracking#, correct?

    With what email address was this submission done?

    and

    On which website was the submission done?

    Let me look into this ..!!!



  • 18.  RE: Centralized exceptions

    Posted Sep 18, 2012 04:15 AM

    No subject line with a tracking number.

    It just says that your incident is 2934711.

    I submitted it on the site:

    https://submit.symantec.com/websubmit/basic.cgi



  • 19.  RE: Centralized exceptions

    Trusted Advisor
    Posted Sep 18, 2012 06:33 AM

    Hello,

    With what email address have you submitted the file?

    Could you please submit the file on:

    https://submit.symantec.com/websubmit/essential.cgi

    and 

    http://www.threatexpert.com/submit.aspx

    Note: ThreatExpert is owned by Symantec.

    Hope that helps!!



  • 20.  RE: Centralized exceptions

    Posted Sep 19, 2012 11:36 PM

    Hi,

    I got a reply from the submission saying that my file has been whitelisted and the update will be reflected in the next definition cycle.



  • 21.  RE: Centralized exceptions

    Posted Sep 20, 2012 07:48 AM

    Hi,

    At last my problem got solved after my file was updated. Now Symantec is not catching it.

    Thanks, all, for your kind help.