Users receive multiple IPS detection emails for known good applications

book

Article ID: 159260

calendar_today

Updated On:

Products

Endpoint Protection Small Business Edition (Cloud)

Issue/Introduction

Users report that they are receiving multiple emails for IPS detections of an in-house application or a known application, in these cases it is necessary to allow the software to operate either locally via policy or globally by submitting the offending software to Symantec for analysis and inclusion in virus definitions as a known good application.

Notification emails triggered

Resolution

There are two solutions for stopping the detections:
  1. A temporary solution is to add a program control exception for the program involved via policy within the portal as described in the "Removing Program Control Blocks" section of Create custom exclusions SEP SBE Cloud.
  2. A permanent solution is to submit the file to our false positive website for analysis and inclusion in the database of known good software.  For details, please see Responding to Suspected IPS False Positives in Symantec Endpoint Protection.