Endpoint Protection 14 or above detects suspected non-malicious files even though exceptions/exclusions are in place. The files are being detected as heuristic and detetected as AdvML.A, AdvML.B or similar.
First, ensure that exception/exclusions have been applied correctly.
Also ensure that the endpoints have reliable, robust connectivity to online Reputation servers. If this is not present, an increased number of False Positives can be expected from the Advanced Machine Learning component introduced in SEP 14.
If detections continue, collect 6 to 9 samples of the files being detected as AdvML and submit them to the Incorrectly Detected by Symantec tab at https://symsubmit.symantec.com/ Provide these to your Technical Support contact. Engineers will examine the files and develop an solution if possible.
Assigned technician needs to pass the case to the Security Response Liaison (SRL) team with an email requesting Chronic FP with all the submission numbers
Subscribing will provide email updates when this Article is updated. Login is required.