Symantec Auto Protect is removing files
search cancel

Symantec Auto Protect is removing files


Article ID: 164736


Updated On:


Symantec Products


Symantec Endpoint Protection Small Business Edition cloud (SEP SBE) incorrectly alerts that a file is infected, or a program or website is suspicious


A false positive occurs when your SBE product incorrectly alerts that a file is infected, or a program or website is suspicious. Common indicators of a false positive are:

  • Your SBE product detects a threat in a file that you believe is unlikely to be infected (for example, files with extensions such as, *.txt, *.dbf, *.log, *.hlp).
  • Your SBE product alerts that a file or program developed and created by you or a legitimate company is suspicious, or is a threat
  • Your SBE product indicates that a legitimate website is malicious
  • Your SBE product blocks downloading a file as suspicious


Verify that your SBE product has up to date virus definitions

  1. Run LiveUpdate to install all the available updates for your SBE product and then run a Full system scan.

Submit the suspected file

  1. If the false positive still occurs with the latest definitions, report it to Symantec. The link to submit a false positive differs based on the exact detection, or the alert you receive.
  2. Complete the form with answers applicable to your situation.
  3. Once you have completed the submission you will be notified of the resolution and provided with any additional steps required.