
Legitimate files are being quarantined by the SEP SBE agent


Article ID: 162306


Products

Symantec Products

Issue/Introduction

With Symantec Endpoint Protection Small Business Edition cloud (SEP SBE) installed, legitimate files used by programs are being quarantined, or installation files are being quarantined before the software can be installed.

Resolution

Symantec offers Rapid Release definitions, which are a day ahead of the qualified definitions that agents normally download via LiveUpdate. These definitions should be installed on a system to see if a future update will resolve the suspected False Positive (FP) issue.

Rapid Release Virus Definitions
 
If False Positive detections continue, then the file should be restored from quarantine, collected, and submitted to Symantec for review.

Gathering Files:

  1. Log in to the SEP SBE cloud management console.
  2. Browse to the Computers tab and select a computer that is getting false positive detections.
  3. On the right side, select View Quarantine.
  4. Check the box next to the file that needs to be removed from quarantine and then use the Restore button.
  5. On the local system, browse to the location that the file was quarantined from and upload the file to Symantec’s false positive submission site.

Note: If several files need to be submitted, they should be submitted in a non-password-protected zipped archive with no more than nine files.
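
The following Python script is an added example, not part of the original article or a Symantec tool. It packs restored files into unencrypted zip archives of at most nine files each, as the note above requires. The function name `build_submission_archives`, the `fp_submission` archive prefix, and the per-file SHA-256 (kept only for your own records) are assumptions of this example.

```python
import hashlib
import zipfile
from pathlib import Path

MAX_FILES_PER_ARCHIVE = 9  # limit stated in the note above


def build_submission_archives(files, out_dir, prefix="fp_submission"):
    """Pack restored files into unencrypted zips of at most nine files each.

    Returns a list of (archive_path, [(name_in_zip, sha256_hex), ...]).
    """
    out_dir = Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    # Keep only files that actually exist (a restore may not have completed).
    present = [Path(f) for f in files if Path(f).is_file()]
    results = []
    for start in range(0, len(present), MAX_FILES_PER_ARCHIVE):
        batch = present[start:start + MAX_FILES_PER_ARCHIVE]
        archive = out_dir / f"{prefix}_{start // MAX_FILES_PER_ARCHIVE + 1:02d}.zip"
        entries, used = [], set()
        # zipfile writes no encryption, so the archive is not password protected.
        with zipfile.ZipFile(archive, "w", zipfile.ZIP_DEFLATED) as zf:
            for path in batch:
                name, n = path.name, 1
                # Same file name restored from two folders: keep both copies.
                while name.lower() in used:
                    name = f"{path.stem}_{n}{path.suffix}"
                    n += 1
                used.add(name.lower())
                zf.write(path, arcname=name)
                # Hash is for the administrator's records (assumption, not a Symantec requirement).
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                entries.append((name, digest))
        results.append((archive, entries))
    return results


if __name__ == "__main__":
    import tempfile
    # Constructed sample: 11 dummy files stand in for restored files.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "restored"
        src.mkdir()
        paths = [src / f"setup_{i}.bin" for i in range(11)]
        for i, p in enumerate(paths):
            p.write_bytes(b"constructed sample %d" % i)
        for archive, entries in build_submission_archives(paths, Path(tmp) / "out"):
            print(archive.name, len(entries), "file(s)")
```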
 

For additional information and recommendations on suspected False Positives, please see Best Practice when Symantec Endpoint Protection is Detecting a File that is Believed to be Safe.