Endpoint Protection

 View Only

  • 1.  How to delete a forced detection ( to delete a fingerprint )

    Posted Aug 23, 2011 06:45 PM

    Using SEP 11.0.6005 (RU6a)  [Edit]

    Under ... a Centralized Exceptions Policy (CE policy)   >  Centralized Exceptions  page  >  Add  >  Windows Exceptions  >  TruScan PTP Exceptions  >  Detected Processes,   there are redundant processes - that is, two different items, two different fingerprints,  for the same name. .  

    I need to delete them and start over.

    I am not asking how to change the setting from "Log Only" to " Delete."  I want to remove items from the list.

    Alternatively, it would help in my case if there was a way to tell which detection was the newer one, but they do not have creation dates or other idenifying information.

    Thanks



  • 2.  RE: How to delete a forced detection ( to delete a fingerprint )

    Posted Aug 23, 2011 08:47 PM

    Hi , 

     You mean to say that single process with same name but two different items in the exception .

    You can select the item and right click and delete ....



  • 3.  RE: How to delete a forced detection ( to delete a fingerprint )

    Posted Aug 24, 2011 10:22 AM

     

    In that window, all you can do to an item is select either Ignore, Log Only, Quarantine or Terminate, by using the drop-down.

    (CE policy)   >  Centralized Exceptions  page  >  Add  >  Windows Exceptions  >  TruScan PTP Exceptions  >  Detected Processes.  

    Thank you



  • 4.  RE: How to delete a forced detection ( to delete a fingerprint )

    Posted Aug 24, 2011 10:36 AM

    I think u should go to the monitors-logs option, select the detected process and delete them.

    then u should not able to see them here..Let me also check in the mean time.



  • 5.  RE: How to delete a forced detection ( to delete a fingerprint )

    Posted Aug 24, 2011 12:17 PM

    I looked under Monitors  >  Logs.

    Please view  (a CE policy)   >  Centralized Exceptions  page  >  Add  >  Windows Exceptions  >  TruScan PTP Exceptions  >  Detected Processes

    Need to delete ITEMS from here, or at least identify which is the newest of several identical looking ones.

     



  • 6.  RE: How to delete a forced detection ( to delete a fingerprint )

    Posted Aug 24, 2011 08:06 PM

    [Edit - first paragraph:]  Not necessarily a solution, but I thought some of the old items went away by this method. However, I have three same-named fingerprints  that do leave the Detected processes list by this method, but then when I delete the resulting exclusions, they appear again in the Detected processes list. So I still want a real method. We prefer to not edit the database directly.   

    In the SEPM 11, navigate to  a CE policy   >  Centralized Exceptions  page  >  Add  >  Windows Exceptions  >  TruScan PTP Exceptions  >  Detected Processes

    Select the forced detection  (fingerprint) to be deleted

    Use the drop-down to change the action to Ignore

    The item disappears

    Return up a level to the exceptions list:   CE policy   >  Centralized Exceptions  page 

    Find the new centralized exception item (fingerpritn type)  that you just created (probably at bottom)

    Delete it.  Repeat until problematic items are gone. Now you can repeat the forcing if you wish.

    Thanks