Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

SEP 12 blocking program

Created: 10 Sep 2013 | 7 comments

I am running Windows 7 x64 and recently downloaded a program.  Every time I try to run it, I get an error stating that a particular file is blocked and the program needs to be closed.  I contacted the vendor and they said SEP is blocking it and to contact you about allowing the file through.  Where/how to I set SEP to allow the following files to run:

Computer/C drive/Program files x86 /cricut-craftroom

Computer/C drive/Program files x86 /craftroom/ccrbridge.exe

 

Thanks in advance!

 

Operating Systems:

Comments 7 CommentsJump to latest comment

.Brian's picture

What is detecting it? SONAR or Auto-protect? Perhaps a screen shot will help or you can check the Risk log to see.

Is this a managed or unmanaged client?

 

Excluding a file or a folder from scans

Article:HOWTO80920  |  Created: 2012-10-24  |  Updated: 2013-08-20  |  Article URL http://www.symantec.com/docs/HOWTO80920

 

If for SONAR:

Handling and preventing SONAR false positive detections

Article:HOWTO55273  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55273

 

One other thing to note is this may be a bug. This was found in the fix notes for the latest version, 12.1 RU3:

CCRBridge.exe application terminates unexpectedly

Fix ID: 3006641

Symptom: The CCRBridge.exe application terminates unexpectedly when the Application and Device Control driver (sysplant.sys) is installed.

Solution: Modified the Application and Device Control driver (sysplant.sys) import table address to dynamically allocate memory.

I would suggest upgrading if you can or disable application and device control

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

could you post the picture?

is it detecting as threat? if yes, follow the above suggestions for exclusions and get the application whitelisted.

AjinBabu's picture

 Hi,

Can you post the screen shot of the error?

Also normally these kinds of notification are by SONAR a SEP component.

About SONAR

SONAR is a real-time protection that detects potentially malicious applications when they run on your computers. SONAR provides "zero-day" protection because it detects threats before traditional virus and spyware detection definitions have been created to address the threats.

SONAR uses heuristics as well as reputation data to detect emerging and unknown threats. SONAR provides an additional level of protection on your client computers and complement your existing Virus and Spyware Protection, intrusion prevention, and firewall protection.

Legacy clients do not support SONAR; however, legacy clients use TruScan proactive threat scans to provide protection against zero-day threats. TruScan proactive threat scans run periodically rather than in real time.

Note:

Auto-Protect also uses a type of heuristic that is called Bloodhound to detect suspicious behavior in files.

 

Regards

Ajin

 

Mithun Sanghavi's picture

Hello,

What version of SEP are you running? Make sure you are running the Latest version of SEP 12.1.RU3

1) Latest Symantec Endpoint Protection Released - SEP 12.1.RU3

https://www-secure.symantec.com/connect/blogs/latest-symantec-endpoint-protection-released-sep-121ru3

2) What's new with Latest Symantec Endpoint Protection SEP 12.1.RU3

https://www-secure.symantec.com/connect/blogs/whats-new-latest-symantec-endpoint-protection-sep-121ru3

This problem is fixed in Symantec Endpoint Protection 12.1 Release Update 3 (12.1 RU3).

For information on how to obtain the latest build of Symantec Endpoint Protection, read ‘Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

Do you have an access to the SEPM console? If yes, create centralized exception as needed.

How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged.

http://www.symantec.com/docs/TECH92553

Configuring a centralized exception for a detected process

http://www.symantec.com/docs/HOWTO27305

If it's unmanaged client then refer the following article.
 
How to add a Security Risk Exception on an unmanaged Symantec Endpoint Protection Client
 

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

SameerU's picture

Hi

Add it in centralized exceptions

Regards