Learn how to submit a suspected erroneous detection (false positive) when Symantec Endpoint Protection (SEP) incorrectly reports a clean, good file as being a threat.
The criteria that Endpoint Protection uses to identify malicious code are constantly updated in response to emerging threats. Sometimes new or even legitimate software can be mistakenly classified as a threat.
Symantec regularly updates definitions to correct any misclassification so that only malicious code is identified.
Before you begin
File infectors can make alterations to applications that have been in safe, daily use. If there has been a recent outbreak or infection on the computer or network, it is highly likely that the application has been compromised and the detection is genuine.
Symantec recommends that you treat all detected files as being infected until your suspicion of a false detection is verified by Symantec Security Response.
If you believe that a legitimate application is being identified in error and no other outbreak is occurring, follow these best practices.
1. Apply the latest Rapid Release virus definitions
Scan the file again. If the file is still detected using the new Rapid Release definitions, proceed to the next step.
2. Create exceptions
If you experience a false positive detection on development builds of internal software or for other reasons, consider creating scan exceptions to suppress detections based on criteria such as folder or file extension.
CAUTION: Symantec recommends that you use all exceptions with extreme caution.