SEP client - Fix Detection Results | Other Actions | Exclude
Created: 25 Sep 2012 | 6 comments
In the SEP 12.1.1101 client:
End user sees Quarantined item in the popup labled, "Symantec Endpoint Protection Results"
End user identifies software as DoD homegrown research software legitimate file and selects Other Actions | Exclude
However Exclude option is grayed out
End user requests his client group have a policy to not gray out Exclude option
SEP Administrator can find no option in the EPM console to unlock this setting
Please provide the option to lock or unlock this setting.
Idea Filed Under:
Comments 6 Comments • Jump to latest comment
Can you attach a screenshot of the pop-up Window?
I tried but this form doesn't seem to allow pasting screenshots - only cutting. Here's how you can see it:
- download the eicar test file or create a .txt file with only these characters:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
- When the AV acts on the test file you should have a popup labeled Symantec Endpoint Protection Results.
- highlight the risk and click on "Other Actions" button on the bottom of the popup
- It will have four actions to choose from - but the Exclude action is grayed out.
Currently the "Exclude" option under "Other Actions" is not available for viral infections. It is available for adware and other types of detections. This is why you cannot use it when you test with eicars.
Then what I'm requesting is that the Exclude option be configurable to allow Virus false positives to be excluded by certain trusted local administrators of client systems.
Understood. Thanks for your suggestion. We will consider this for a future release.
Thanks much for your attention. - g
Would you like to reply?
Login or Register to post your comment.