Video Screencast Help


Created: 08 Oct 2012 | 7 comments

Can you please look at this error message.  (see attachment)  What does this message mean EXACTLY and how do I create an exception that will allow this program to run?

Comments 7 CommentsJump to latest comment

Ashish-Sharma's picture


Dtlui.exe is application ?

if yes you can create Exceptions

  1. In the Symantec Endpoint Protection Manager select Policies
  2. Select View Policies
  3. Double-click AntiVirus and AntiSpyware.
  4. Double-click the AntiVirus and AntiSpyware policy on the right hand side. This opens a new window.
  5. Click Proactive Threat Scan
  6. Select Detecting Commercial Applications
  7. Set your preferred actions and lock.

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1


Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture


Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes.

Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.


Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ᗺrian's picture

This is for SONAR, which is part of the PTP component.

You can add from your SONAR log.

Login to SEPM

Go to Monitors >> Logs

Set log type to SONAR and click View Log

This exe should be showing in there

Select the check box and under Action, click the + sign. Select Allow Application. Select your policy to add this to and click Save Changes

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Parks1's picture

Is this Dtlui.exe is your commercial application.

If it a commercail application then use the below attach link

If not able to do the centerlaize configuration then use the false positive linkfor the same

Chetan Savade's picture


If you are 100% sure that it's not a malicious file then you can refer following articles.

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

Configuring a centralized exception for a detected process


Submit it to Symantec response team to determine the next course of action.

Symantec Security Response usually takes half a day to a day to provide a response. In the interim, you can try these sites for a quick analysis because it's automated response: Own by Symantec only.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Parks1's picture


Your issue is resolve or not?

MzSolo's picture

No- the issues did not resolve - we have decided to decommision the server and move the clietns to a new 2008 server.  Seem  like the easiest method (considering we were going to upgrade the server in a few months).

thanks for your time