Users receive multiple IPS detection emails for known good applications


Article ID: 159260


Updated On:


Endpoint Protection Small Business Edition (Cloud)


Users report that they are receiving multiple emails for IPS detections of an in-house application or a known application, in these cases it is necessary to allow the software to operate either locally via policy or globally by submitting the offending software to Symantec for analysis and inclusion in virus definitions as a known good application.

Notification emails triggered


There are two solutions for stopping the detections:
  1. A temporary solution is to add a program control exception for the program involved via policy within the portal as described in the "Removing Program Control Blocks" section of Create custom exclusions SEP SBE Cloud.
  2. A permanent solution is to submit the file to our false positive website for analysis and inclusion in the database of known good software.  For details, please see Responding to Suspected IPS False Positives in Symantec Endpoint Protection.