Endpoint Protection

 View Only

  • 1.  our application became a Trojan.Gen.2

    Posted Aug 04, 2016 02:43 AM
      |   view attached

    Hello! Tell me, please, how can I exclude a file with a location in the user profile?

    After August 3, our application is virus.

    We need to exclude the following path:

    C:\Users\*\AppData\Roaming\application_name

    How is it possible to do?

    Thanks in advance!

    Attachment(s)

    7z
    [LK-SA888]__3e65e3__2016-08-04__11-44-10_TS.7z   3.28 MB 1 version


  • 2.  RE: our application became a Trojan.Gen.2

    Posted Aug 04, 2016 05:36 AM

    you can apply wildcard exception only for the predefined variables listed in the below article. for the rest of the files and folder you need to specify the entire path explicitly.

     

    Create Centralized Exceptions Policies in Endpoint Protection Manager 12.1

    Managing exceptions in Symantec Endpoint Protection

    How to create an Application Exception in Symantec Endpoint Protection 12.1

    Creating exceptions for Virus and Spyware scans

     

     

    the best approach is to submit the application as a false positive so that they release an updated definitions

    https://submit.symantec.com/false_positive/

    are you the creator of the application ? you can certainly apply for white listing 

    Adding software to the Symantec Whitelist

     



  • 3.  RE: our application became a Trojan.Gen.2

    Broadcom Employee
    Posted Aug 04, 2016 06:53 AM

    Endpoint does not allow the use of wildcards. Symantec has started detection it means there might be some change into software

    For software developers, authors, and Independent Software Vendors (ISVs), the Symantec Software White-Listing program offers an opportunity to reduce the possibility of false positives by adding your software to a whitelist that Symantec maintains of known good software

    http://www.symantec.com/docs/TECH132220

    Could you share the application name & details so we can try to test in our lab.



  • 4.  RE: our application became a Trojan.Gen.2

    Posted Aug 04, 2016 07:26 AM

    I face the same problem these times, I hope white listing works. One a client's antivirus detects a product as a virus, it can really occur some problem.



  • 5.  RE: our application became a Trojan.Gen.2
    Best Answer

    Posted Aug 04, 2016 08:36 AM

    You need to go through both of these links:

    Report a Suspected Erroneous Detection (False Positive)

    Software Whitelisting Request



  • 6.  RE: our application became a Trojan.Gen.2

    Posted Aug 04, 2016 10:30 AM

    Fulfilled both. Waiting for a response.

    Thanks.



  • 7.  RE: our application became a Trojan.Gen.2

    Trusted Advisor
    Posted Aug 04, 2016 10:42 AM

    There is no way to wild card the user location within exclusions atm. Symantec are looking at this for a future releases.

    If it's a piece of custom software created by your company you could try submitting it to symantec for whitelisting. They will analyse the software and exclude it. 
    https://submit.symantec.com/whitelist/



  • 8.  RE: our application became a Trojan.Gen.2

    Posted Aug 23, 2016 02:20 AM

    Thanks, it works.