I have a global exception for SpectorSoft, known risk "Spyware.Spector", and set to Ignore. Instead of ignoring this valid software that we use, SEP 11 MR 5 quarantines this as a Risk and we get 2 alerts: 1. Action taken on risk: Excluded 2. Action taken on risk: Details pending
You then go to the All User's Profile\application data\symantec\symantec endpoint protection\quarantine and find that SEP has quarantined the "risk"
This is all happening while I have performed the steps to create a Global exception set to "Ignore".
I have numerous tickets opened with Symantec Tech Support, but after 10 days the case is automatically closed and I have to open another ticket.
This seems like a convenient way of dodging the issue.
One 1 ticket I was told to follow steps to upgrade our Spector server as well as create some additional file/folder exceptions. I have followed all of the steps exactly.
Important to note: the Registry shows the Known Risk exception, set to "Ignore".
Someone please help. I have zipped up the quarantined files to Submit.Symantec and have heard mixed reviews as to weather a hash rule will be created to properly exclude this valid software. In addition to Exclude, it must also "Ignore". Make sense?
I have a feeling I will be spending a lot of time in these forums to express my confusion and dissatisfaction with having to create 4 tech support cases for 1 issue.
older versions of SEP would not behave this way and would properly Ignore the "risk" (11 MR2 and older)
Reeling,
Symantec Customer Since 2002