There are several ways to resolve this type of situation.
1. Add the file(s) digital signature to the Exceptions Policy.
The best option is to check if the files are digitally signed by the manufacturer. If the file(s) is signed, the signing certificate can be exported from the file(s) and loaded into the Symantec Endpoint Protection Manager under Policies > Exceptions > Windows Exceptions > Certificate.
By importing the digital signature of the file (certificate), all software from the vendor that is also signed with this same digital signature/certificate is trusted for this type of reputation detection. This method of mitigating the WS.Reputation1 detections in no way affects the other modules/layers of Endpoint Protection should the file be a threat or behave in inappropriate ways. These issues should still be detected and stopped via Endpoint Protection. Note:
There is a secondary benefit to using/insisting on signed software from vendors. The act of digitally signing also allows the operating system to check the file(s) for integrity verification. If the file hash doesn't match the digital signature calculated hash, this can be an indication of tampering or other potentially malicious activities with the file(s). Broadcom always
recommends that all customers use digitally signed software for this reason. If the software is internally developed, the same recommendation applies, please sign the software and import the certificate into the SEPM.
Please see the Additional Information section for information on how to extract an X.509 certificate from a signed software package/file for this purpose.
2. Submit the file(s) to Broadcom as a False Positive (FP) for review.
Please see the following Broadcom KB article for instructions on this method. https://knowledge.broadcom.com/external/article?legacyId=TECH98360Note:
While this is a valid option for resolving the issue at the time of detection, it may not be effective long term. This is because if the file(s) may change enough over time where the original whitelisting is no longer effective. This happens because the file(s) is no longer recognized as the sample that was whitelisted and may be detected again.
3. Release the file(s) from Quarantine and allow them to run.
This is a viable option, but only if the other two methods above are unsuitable for some reason, and should be used with caution.