In the Download Risk Distribution (Detected by Download Advisor) report, there is a high percentage of user-allowed downloads.

Users can allow or block the files that Download Advisor detects as unproven when the action for unproven files is Prompt. If users choose to allow an unproven file, the file is considered user-allowed.

The Detection Summary shows the user-allowed count versus the total detection count and the percentage of user-allowed detections for each malicious file sensitivity level. The counts and the percentage help you to determine how to adjust the Download Advisor settings for your network.

You might want to set the action for unproven files to Leave alone (log only) or Ignore. Use the Download Advisor settings in the Virus and Spyware Protection policy to set the action.

Before you change the action, make sure that your client computers send submissions to Symantec Security Response. A Symantec-hosted technology called Ubiquity collects and analyzes the submissions information. Over time, Ubiquity can determine if the files have a good reputation. Ubiquity provides the reputation information to Download Advisor so that later scans allow the good files that your users try to download. After a period of time, you can reset the unproven files action to Prompt.

You might also want to consider the following strategies:

• Adjust the Download Advisor malicious file sensitivity. You can adjust the sensitivity level to provide you the most number of detections with the fewest number of user-allowed detections.
• Create application exceptions or trusted Web domain exceptions for user-allowed files.