Endpoint Protection

  • 1.  Remacc.Radmin on SEP 11.5

    Posted Dec 01, 2009 05:20 PM
    I have a group of computers that are always warning me that Remacc.Radmin has been found as a risk and has been quarantined.  I would like to have this file disregarded as a security risk.  I do not know how to do this as I have never attempted.  Thanks. 

    -Storm


  • 2.  RE: Remacc.Radmin on SEP 11.5
    Best Answer

    Posted Dec 01, 2009 09:28 PM

    Follow the steps below to add a custom Security Risk Exception:

    Launch the Symantec Endpoint Protection Manager.
    Create a blank Centralized Exceptions policy.
    Under the Policies view, select the Centralized Exceptions option, then click Add a Centralized Exceptions Policy.
    Enter a name for the policy and then click OK.
    Click the Monitors view.
    Under the Logs tab, change the Log Type to Risk.
    Click the View Log button to open the Risk Logs page.
    Select the risk you want to exclude.
    From the Action drop-down list, select Add Risk to Centralized Exceptions Policy, then click Start.
    Select the blank policy you created, and click OK.


    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008100706493648


  • 3.  RE: Remacc.Radmin on SEP 11.5

    Posted Dec 02, 2009 04:27 AM

    Symantec AntiVirus 10.x quarantines or deletes Remote Administrator (Radmin)

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005051215400948?OpenDocument
     

    This document is applicable for SEP as well.
    So follow this doc for creating an exclusion for it:

    How to add a Centralized Exception for a detection that is not included with Known Security Risk Exceptions in the Centralized Exception Policy.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008100706493648


  • 4.  RE: Remacc.Radmin on SEP 11.5

    Posted Dec 02, 2009 12:10 PM
    sandip_sali,
         Thank you.  Your response was very very easy to follow and it allowed me to do exactly what I was looking to do.  Now I know how to add exceptions very easily.  Thanks again. 

    -Storm


  • 5.  RE: Remacc.Radmin on SEP 11.5

    Posted Dec 02, 2009 12:56 PM
    A few words of warning on exceptions:

    1. You can't create exceptions by file name ONLY; you have to specify the entire path to the file. For example, you cannot exclude NOTEPAD.EXE just by name; you will need to specify the full path to the file. Huge pain in the butt if you ask me, not sure who in their right mind decided on that "feature".
    2. You can't exclude certain types of identified risks. Symantec has risk criteria; anything over what they feel is safe cannot be excluded.

    I found out both limitations last week, when a new DAT falsely identified our SSL client as a trojan, leaving hundreds of users unable to VPN in. The simple task of adding exclusions then turned into a call to support, which confirmed the above-mentioned points.