The SEP for Linux client has quarantined files that are believed to be a False Positive.  These files need to be submitted to the False Positive portal for analysis.

• SEP for Linux version 12.1 RU5  - 14.3 MP1

To submit quarantined files, the identity of the files in the Quarantine directory must be confirmed.

To confirm the file ID:

1. Open a terminal session.
2. Navigate to /opt/Symantec/symantec_antivirus.
3. Run the following command:
4.  ./sav quarantine -l
5. This will list all the files that have been Quarantined.  Note the ID associated with file to be submitted.

To locate the file in the Quarantine directory:

1. Navigate to /var/symantec/Quarantine/ (SEP 12.1.x) or /var/symantec/sep/Quarantine/ (SEP version up to 14.3 MP1).
2. The quarantined file will be named with the ID noted in the previous steps with a file extension of .vbn.

The .vbn file is an encrypted file that can be submitted to Symantec's False Positive portal for analysis.

False Positive Submission Portal:
https://symsubmit.symantec.com

Currently submitting QUR file in /var/log/sdcsslog/quarantine/ (SEP version 14.3 RU1 and newer) is not supported