Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

.exe file already added to the Policy Exception but still being blocked

  • 1.  .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 02:57 PM

    Here is my issue,

    lately we upgraded our VPN client and this has now been publiched on our website. the Symantec Antivurus ( Insight Download Protection) flag this one as a malware threat.

    we could see that this has been loged on the detected application and we have added that to ignote it 

    we have added the exeption from the Detected Applications to ignore the file being scanned or blocked from and also trusted the website where this one is hosted but still we haveing the same issue.

    we have added the site to the trusted sites on Internet Explorer but this is still getting blocked,

    I went to the risk logs and i've allowed Application and also added the site to the Truested Web domain but still having the same troubles 

     

     

    120px_2013-11-27 14_53_04-http___technet.microsoft.com_ - Active Directory Users and Computers - Internet .png



  • 2.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 03:01 PM

    What type of detection is flagging this? Auto-protect, SONAR, download insight?

    Did the client pickup the latest policy?



  • 3.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 03:06 PM

    the source is the download insight and the Policies have been applied file to my machine and test ones as well.

    sent a whitelist request to Symantec but they would take some 2 days to have a look onto it.

    Thanks for yoru reply by the way.

     



  • 4.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 03:24 PM

    Did the hash change? Was the software updated which would cause the hash change?



  • 5.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 04:05 PM
    Nothing have changed on the package,


  • 6.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 04:11 PM

    Verify this link to see if it applies:

    http://www.symantec.com/docs/TECH201828

    Did you set the application to IGNORE per this:

    http://www.symantec.com/docs/HOWTO80925

    Or, try adding directly from the Risk log:

    http://www.symantec.com/docs/HOWTO27300

     



  • 7.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Nov 27, 2013 06:10 PM
    I already went through this detail by detail and didn't help, so far added exception for the application file name file.exe, it's hash as we'll, added the domain name to the trusted sites where the file is and added this again from the risk logs on the monitoring area. No good at all. Also using IE 11 and not 10 as per your first link. Thanks again for your responses guys


  • 8.  RE: .exe file already added to the Policy Exception but still being blocked

    Trusted Advisor
    Posted Nov 29, 2013 07:55 AM

    Hello,

    Please try these Symantec Article below:

    Excluding a trusted Web domain from scans http://www.symantec.com/docs/HOWTO55211

    How to exclude specific Web domains from the Download Insight verification in SEP 12.1?

    http://www.symantec.com/docs/TECH162264

    Managing Download Insight detections http://www.symantec.com/docs/HOWTO55252

    NOTE: Download Insight has the following dependencies:

    • Auto-Protect must be enabled

      If you disable Auto-Protect, Download Insight cannot function even if Download Insight is enabled.

    • Insight lookups must be enabled

      Symantec recommends that you keep the Insight lookups option enabled. If you disable the option, you disable Download Insight completely.

    Note: If Download Protection is not installed, Download Insight runs on the client at level 1. Any level that you set in the policy is not applied. The user also cannot adjust the sensitivity level.

    Even if you disable Download Insight, the Automatically trust any file downloaded from an intranet website option continues to function for Insight Lookup.
     
     
    Hope that helps!!


  • 9.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Jan 27, 2014 11:15 PM

    Thus all story didnt help at all,

    followed step by step all what has been written on the documentation and no chance,

    uploaded my package to the Symantec to be white listed and added to the next updates but again no chance, I guess we just have to open a support case with you Sims on Tech



  • 10.  RE: .exe file already added to the Policy Exception but still being blocked

    Broadcom Employee
    Posted Jan 27, 2014 11:25 PM

    even whitelisting the file and it getting detect, open a support ticket to resolve the issue at the earlliest.



  • 11.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Jan 28, 2014 08:11 AM

    Yes, please open a support case to get it resolved.



  • 12.  RE: .exe file already added to the Policy Exception but still being blocked

    Posted Feb 24, 2014 08:39 AM

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

    Thanks and take care,
    Brian