Endpoint Protection

Our company writes software for a certain client. When installing this on the client computer, the AV software complains about the installation (warning). What is the best way to have your AV solution detect that the software is legitimate and ok to install.

I'm thinking a certification will be involved. Is that correct? Can anyone advise me on this matter please?

Thank you

you can contact the security response team to have your software whitelisted so that it is globally implemented and don't afffect anyone who is using your software.

please make use of the below link for the same.

https://submit.symantec.com/false_positive/

Thank you for the fast response. I will check out the link you provided.

Hi,

Thank you for posting your query on Symantec community.

I would be glad to answer your query.

For software developers, authors, and Independent Software Vendors (ISVs), the Symantec Software White-Listing program offers an opportunity to reduce the possibility of false positives by adding your software to a whitelist that Symantec maintains of known good software.

Kindly go through the following article for more details:

Adding software to the Symantec Whitelist

http://www.symantec.com/docs/TECH132220

Software Whitelisting Program Frequently Asked Questions

http://www.symantec.com/docs/TECH232956

As a temporary workaround, add an exception for it in the SEPM.

I would also submit a software whitelisting request here:

https://submit.symantec.com/whitelist/

Thank you all for your replies.

I have looked into the situation and found that code signing can solve some of the false positives, sometimes. Code signing provides certainty of the source of the software, but not what the software does. So it makes sense that anti virus scanners don't see signed code as safe by default.

We will likely go with the code signed route anyway because it's a professional approach and it may help.

For the whitelisting however I understand that our software will need to be uploaded and analyzed. As you can imagine, management isn't very keen on this idea. I noticed on another antivirus vendor site that they mention that they can sign an NDA. I have read through the links you provided but I did not see the same offered by Symantec. Does Symantec offer the NDA option when submitting files for whitelisting? This would help put management concerns to rest.

Thank you for the assistance so far.

I do agree with your concern but I don't see any NDA option while submiting files for whitelisting however you can trust on the following KB statements & also it's highlighted in the privacy policy as well,

https://support.symantec.com/en_US/article.TECH232956.html

Q. Is the data shared with third parties?

No, the data is not shared with third parties.

Q. Do other customers have access to the data?

No, other customers do not have access to the data.

Also refer this privacy policy outlined by Symantec.

http://www.symantec.com/privacy/topic.jsp?id=how-we-use-it

They do not offer an NDA option during this process. You would need to contact them directly.

Alright, my questions have been answered, thank you all for providing answers and links that helped me to gather the required information.

A nice day to all of you and happy new year :)

Happy to help. If your query has been resolved can mark this thread as a Solved with the best answer that helps you. It helps future readers. Thanks!