Symantec Endpoint Protection (SEP) scans are detecting files on client systems as risks. The detected files have been confirmed harmless. You want to create exceptions in the Symantec Endpoint Protection Manager (SEPM) to prevent subsequent scans from inadvertently quarantining or deleting these files, until new definitions are released which remove this False Positive (FP).
Any file that appears to be detected due to a False Positive should be submitted to the Symantec Security Response "Report a Suspected Erroneous Detection (False Positive)" Site. If a False Positive is confirmed to have caused this detection, newer definition sets will be developed in such a way as to not trigger on these files.
As a temporary measure until new definitions are available, you can make a Centralized Exception in the SEPM for known risks, files, folders, and extensions:
- Select the Policy tab in the Symantec Endpoint Protection Manager.
- Under "View Policies" select Centralized Exceptions.
- In the "Available Tasks" select Add a Centralized Exception policy...
- A window will open to allow you to define the policy. Provide a descriptive name and a description of the policy you are adding.
- Select Centralized Exceptions. Click the Add button to view the drop down menu options: "Security Risk Exceptions", "Proactive Threat Scan Exceptions", and "Tamper Protection Exception".
- Select an item from the list to create an exception.
- After selecting the exception type, enter in the specific exception, or exceptions (one exception at a time), in the window.
- Click OK when finished adding exceptions. Click OK again to finish creating the policy.
- When prompted to assign the policy to a group, click YES. You can then choose the group you wish to assign the policy to and the policy changes will be sent out to members of the group.