Endpoint Protection

  • 1.  SEP 11 "exclude" greyed out in "Auto-Protect" detection notification window

    Posted May 24, 2010 02:39 AM
    Is there a way to enable the "Exclude" option from the "Detection Results" window? Or is there an easy way to exclude a specific file once it has been "detected"? When I browse to a folder that contains an infected file, File System Auto-Protect pops up a window saying it detected a threat, spends a few seconds "analyzing" it, and then "cleans" it by deleting the file. If I right click on the message in the "Detection Results" window, there is an "Undo Action Taken" option, but that just restores the file, which triggers an auto-protect scan, which throws another "infected" message and deletes the file again. I do see an "Exclude" option when I right click on the message in the "Detection Results" window, but it is always greyed out. I assume that option would create an exclusion for that one specific file? If so, that would be MUCH easier than having to open SEP, click the 'settings' and then manually browse to that file and add an exception (and thus ensure our migration from McAfee when our contract expires). Currently this is running on an isolated test VM using an "unmanaged" install of SEP, but I will be moving to a managed install if things go well, so methods to enable easy "Exclude" in either environment would help.


  • 2.  RE: SEP 11 "exclude" greyed out in "Auto-Protect" detection notification window

    Posted May 24, 2010 03:17 AM
    You have to create a centralized exception policy 
    Making exceptions using centralized exception policies in Symantec Endpoint Protection Manager.


    If it is unmanaged you can do the same thing in client GUI -> change settings -> centralized exceptions -> configure settings


  • 3.  RE: SEP 11 "exclude" greyed out in "Auto-Protect" detection notification window
    Best Answer

    Posted May 24, 2010 03:20 AM
    Turn off Auto-Protect, then make the exclusion. The exclude option will be shown if the file is quarantined; however, files which are deleted cannot be excluded.

    So turn off Auto-Protect, make an exclusion of the file/folder, then turn on Auto-Protect.

    By what name is it getting detected? If it's specific to that file then you can make an exclusion for that particular detection,
    e.g. remaac.radmin for the Radmin Remote utility.


  • 4.  RE: SEP 11 "exclude" greyed out in "Auto-Protect" detection notification window

    Posted May 24, 2010 02:38 PM
    I changed the policy to make it quarantine all threats instead of delete/clean them, and I still get the detection, action "quarantined", but when I highlight the message and click "Other Actions" in the "Detection Results" window, "Exclude" is still greyed out. I shut off Auto-protect, but no change.

    I have also tried setting the policy to "report only", but the "exclude" option is still greyed out in that case as well.

    Attached is a picture of what the "Other Actions" menu looks like in "Detection Results" window. I want to have the "Exclude" option enabled there instead of having to go through 15 steps to manually add an exclusion in the "centralized exception policy".


  • 5.  RE: SEP 11 "exclude" greyed out in "Auto-Protect" detection notification window

    Posted Jun 11, 2010 04:39 AM
    So it looks like the file is being detected as just "Hack Tool", nothing specific. I unzipped an archive of some password recovery tools from NirSoft, such as for ZIP files, wireless keys, IE / protected storage, etc.

    Most of them that were "detected" were "Hacktool.PassReminder", "Hacktool.SniffPass", etc, but the PST Password Recovery tool was just detected as "Hack Tool". All of the others it let me use the "Exclude" option, and they no longer get detected. But the PST one has that grayed out option.

    So is something that just shows up as "HackTool" some kind of generic/heuristic detection? I went to centralized exceptions to exclude the "HackTool" detection, but it only has HackTool.xxxxxx, i.e., specific entries for each individual "HackTool".

    So is there any way to tell it not to detect any "HackTool" threat?

    I don't recall what file it was before where I wasn't able to exclude, but I bet it was a generic detection as opposed to a specific one, and that is why "Exclude" is grayed out sometimes.


  • 6.  RE: SEP 11 "exclude" greyed out in "Auto-Protect" detection notification window

    Posted Jun 11, 2010 04:49 AM
    In SEPM go to Monitors -> logs -> risk, select the appropriate field, and click on view logs. You will be able to find this detection there; select it, and at the top select the action as add risk to centralized exception policy and click on start.