Endpoint Protection

Can you please look at this error message.  (see attachment)  What does this message mean EXACTLY and how do I create an exception that will allow this program to run?

Attachment(s)

errormsg.docx   211 KB 1 version

HI,

Dtlui.exe is application ?

if yes you can create Exceptions

1. In the Symantec Endpoint Protection Manager select Policies
2. Select View Policies
3. Double-click AntiVirus and AntiSpyware.
4. Double-click the AntiVirus and AntiSpyware policy on the right hand side. This opens a new window.
5. Click Proactive Threat Scan
6. Select Detecting Commercial Applications
7. Set your preferred actions and lock.

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/docs/TECH183201

Reference: https://www-secure.symantec.com/connect/forums/psftpexe-failing-servers

Hello,

Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes. 

http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

• Locate a sample of a threat
• Submit a suspicious file to Symantec
• Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe
• About managing false positives detected by TruScan proactive threat scans

Reference: https://www-secure.symantec.com/connect/forums/centralized-exceptions-12

Hope that helps!!

This is for SONAR, which is part of the PTP component.

You can add from your SONAR log.

Login to SEPM

Go to Monitors >> Logs

Set log type to SONAR and click View Log

This exe should be showing in there

Select the check box and under Action, click the + sign. Select Allow Application. Select your policy to add this to and click Save Changes

Is this Dtlui.exe is your commercial application.

If it a commercail application then use the below attach link

http://www.symantec.com/business/support/index?page=content&id=HOWTO27313

http://www.symantec.com/business/support/index?page=content&id=HOWTO27058

If not able to do the centerlaize configuration then use the false positive linkfor the same

https://submit.symantec.com/false_positive/

Hi,

If you are 100% sure that it's not a malicious file then you can refer following articles.

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/business/support/index?page=content&id=TECH92553&locale=en_US

Configuring a centralized exception for a detected process

http://www.symantec.com/docs/HOWTO27305

OR

Submit it to Symantec response team to determine the next course of action.

http://www.symantec.com/security_response/submitsamples.jsp

Symantec Security Response usually takes half a day to a day to provide a response. In the interim, you can try these sites for a quick analysis because it's automated response: Own by Symantec only.

http://www.virustotal.com/

 http://www.threatexpert.com/submit.aspx

Hi MZSOLO

Your issue is resolve or not?

No- the issues did not resolve - we have decided to decommision the server and move the clietns to a new 2008 server.  Seem  like the easiest method (considering we were going to upgrade the server in a few months).

thanks for your time