
Exceptions

Created: 08 Oct 2012 | 7 comments

Can you please look at this error message.  (see attachment)  What does this message mean EXACTLY and how do I create an exception that will allow this program to run?


Ashish-Sharma's picture

Hi,

Is Dtlui.exe an application?

If yes, you can create exceptions:

  1. In the Symantec Endpoint Protection Manager select Policies
  2. Select View Policies
  3. Double-click AntiVirus and AntiSpyware.
  4. Double-click the AntiVirus and AntiSpyware policy on the right hand side. This opens a new window.
  5. Click Proactive Threat Scan
  6. Select Detecting Commercial Applications
  7. Set your preferred actions and lock.

Creating Centralized Exceptions Policies in the Symantec Endpoint Protection Manager 12.1

http://www.symantec.com/docs/TECH183201

Reference: https://www-secure.symantec.com/connect/forums/psftpexe-failing-servers

Thanks In Advance

Ashish Sharma

 

 

Mithun Sanghavi's picture

Hello,

Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes. 

http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

Reference: https://www-secure.symantec.com/connect/forums/centralized-exceptions-12

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

This is for SONAR, which is part of the PTP component.

You can add from your SONAR log.

Log in to SEPM

Go to Monitors >> Logs

Set log type to SONAR and click View Log

This exe should be showing in there

Select the check box and under Action, click the + sign. Select Allow Application. Select your policy to add this to and click Save Changes

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Parks1's picture

Is this Dtlui.exe your commercial application?

If it is a commercial application, then use the links below:

http://www.symantec.com/business/support/index?page=content&id=HOWTO27313

http://www.symantec.com/business/support/index?page=content&id=HOWTO27058

If you are not able to do the centralized configuration, then use the false positive link for the same:

https://submit.symantec.com/false_positive/

Chetan Savade's picture

Hi,

If you are 100% sure that it's not a malicious file, then you can refer to the following articles.

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/business/support/index?pag...

Configuring a centralized exception for a detected process

http://www.symantec.com/docs/HOWTO27305

OR

Submit it to Symantec response team to determine the next course of action.

http://www.symantec.com/security_response/submitsa...

Symantec Security Response usually takes half a day to a day to provide a response. In the interim, you can try these sites for a quick analysis because it's an automated response: owned by Symantec only.

http://www.virustotal.com/

 http://www.threatexpert.com/submit.aspx

 

 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Parks1's picture

Hi MZSOLO

Is your issue resolved or not?

MzSolo's picture

No, the issues did not resolve. We have decided to decommission the server and move the clients to a new 2008 server. Seems like the easiest method (considering we were going to upgrade the server in a few months).

 

Thanks for your time.