Endpoint Protection

Hello, 

I use IBM Endpoint Manager to deploy most of our applications. Recently, I pushed out an installer for the latest Box Sync client. IEM runs these installers as SYSTEM. However, I noticed that the installs kept failing. So I decided to actually run the MSI on my machine out of curiosity, and SEP blocked it. The SEP component blocking the MSI is "Download Insight". 

Once I was prompted by Download Insight, I clicked more details and saw that the Signature is "WS.Reputation.1", meaning it has a low reputation score. 

Basically, I would like to know how to allow exceptions for this at a large scale as this will be pushed out to ~4000 computers. I know how to add an exception on the client, but the problem is that you have to allow it based on the file location. This is impossible to do because the location of the MSI will not always be in the same location when it is downloaded locally to the machine. 

How do I get SEPM to automatically allow this MSI for all of our client machines? 

Let me know what other information is needed.

Thanks!

If you check the risk log in the SEPM, it should the path of the file, is it coming from the web domain or IP of your IBM endpoint manager? If so, you can add it as a trusted web domain eception.

As this is all pushed out and managed via your internal implementation of IEM, you should be able to add the domain under which it runs as an exclusion within SEP as below (as suggested by _Brian):

http://www.symantec.com/docs/TECH162264

Oh yeah, also don't forget the "Trust Intranet" option for SEP's Download Insight (assuming this is applicable):

http://www.symantec.com/docs/HOWTO80966