Endpoint Protection

Hi All,

How to configure SEP 12.1 client so that it does not delete some software that it thinks malicious but it is actually legitimate ?

For example, I am using this well known Freeware IP scanner: http://angryip.org/download/

The software cannot be used at all while SEP is running because it is automatically deleted / quarantined.

How do I whitelist the filename so that SEP not deleting it ?

Thanks,

Put in a file or folder exclusion to exclude the software.

Angry IP Scanner has been flagged by SEP for many years now, despite it being legit.

Follow the steps to whitelist the file.

https://support.symantec.com/en_US/article.HOWTO80928.html

Hello,

Report a Suspected Erroneous Detection and Report a Suspected Erroneous Detection (False Positive) https://submit.symantec.com/false_positive/

OR

If you want an app to be whitelisted,

 https://submit.symantec.com/whitelist/

Regards,

Hi John,

A file, folder, file extension or application needs to be excluded from being scanned by one or more features of the Symantec Endpoint Protection (SEP) client. Such exclusions can be configured for managed SEP clients using Centralized Exceptions policies in the Symantec Endpoint Protection Manager (SEPM) console.

http://www.symantec.com/docs/TECH104326

Also, refer this guide: How to Create Exceptions or Exclusions for Tamper Protection Alerts that have already been logged

http://www.symantec.com/docs/TECH92553

Here's the easiest way.

Login to your SEPM and go to your Exceptions policy and open it up and go to the Exceptions tab and select Add >> Windows Exceptions >> Known Risks

Another box will pop up after a short delay. Scroll down to AngryIPScanner and select it and hit OK:

It's now added the Exception policy and you can choose to "log only" or "ignore" it. The choice is yours.