Submit false positives detected by Endpoint Protection
Last Updated March 08, 2019
Learn how to submit a suspected erroneous detection (false positive) when Symantec Endpoint Protection (SEP) incorrectly reports a clean, good file as being a threat.
The criteria that Endpoint Protection uses to identify malicious code are constantly updated in response to emerging threats. Sometimes new or even legitimate software can be mistakenly classified as a threat.
Symantec regularly updates definitions to correct misclassifications so that only malicious code is identified.
Before you begin
File infectors can make alterations to applications that have been in safe, daily use. If there has been a recent outbreak or infection on the computer or network, it is highly likely that the application has been compromised and the detection is genuine.
Symantec recommends that you treat all detected files as being infected until Symantec Security Response verifies a false detection.
If a legitimate application is identified in error and no other outbreak is occurring, follow these best practices:
1. Apply the latest Rapid Release virus definitions
Scan the file again. If the file is still detected using the new Rapid Release definitions, proceed to the next step.
2. Create exceptions
If a false positive detection occurs on development builds of internal software, or for other reasons, consider implementing scan exceptions. Detections can be suppressed based on criteria such as folder or file extension.
CAUTION: Symantec recommends that you use all exceptions with extreme caution.