Endpoint Protection

 View Only

  • 1.  How do I delete entries in a SEP "Detected Application" list?

    Posted Feb 13, 2014 06:34 PM

    I'm creating some SONAR exceptions to ignore DNS and Host file changes. 

    I get there by going to Policies > Exceptions > (Policy Name) >  Exceptions > Add > Windows Exceptions > DNS or Host File Change exceptions.

    When the window comes up, the file list is massive.  The "Detected Application" column shows thousands of entries for simple things like temp files.  It has a huge number of entries from one person's computer, and the path is C:\documents and settings\(user)\local settings\temp.  Thousands and thousands of files for one user's temp directory, among other things.

    How to I delete these?  I'm taking over for a previous administrator who should've done some cleanup on this a long time ago.



  • 2.  RE: How do I delete entries in a SEP "Detected Application" list?

    Posted Feb 13, 2014 06:39 PM

    There really isn't a way. The easiest way I've found is is if you just add it (set to log only or ignore), it leaves the list and is added to the policy, from here you can just delete.



  • 3.  RE: How do I delete entries in a SEP "Detected Application" list?

    Posted Feb 13, 2014 06:54 PM

    "Isn't a way?"  That doesn't make sense. 

    It takes several minutes to scroll down through that list to look for a file to see if it's already there, or if it's not there and I need to add it.  Thousands of .tmp file entries from one user's pc can't be deleted? 

    There has to be a way, even if it's going into the database and removing rows.



  • 4.  RE: How do I delete entries in a SEP "Detected Application" list?

    Posted Feb 13, 2014 07:01 PM

    Let me re-phrase. There isn't a cut and dry way to do it from the SEPM.

    Sure, you can edit the database directly, not recommended but it can be done.

    If you want to edit the database, I would suggest working with support as they can work with you on creating a query to do it.