After investigating a network incident in SEP Mobile, determining it to be benign in nature (e.g., SSL stripping, Content Manipulation, etc.), and whitelisting the network, the administrator continues to see incidents for the same network in the SEP Mobile Management Console (MC) and/or receives alerts for the events.
The network incidents that occur when content manipulation/filtering is detected can be whitelisted, but there are some restrictions. When the content manipulation occurs on a network that leaves a certificate behind (this happens primarily on Wi-Fi networks), the network can be whitelisted based on the certificate information. When the content manipulation occurs on a network that does not use a certificate (primarily cellular and VPN networks), the network can only be whitelisted while the incident is still active. Once the incident is no longer active, SEP Mobile does not have the network information necessary to whitelist it.
Once the network has been whitelisted, its incidents still appear in the MC, but in a closed status.
To reduce or remove administrator alerts for incidents, consider adjusting your administrator alert rules under https://mc.sepmobile.securitycloud.symantec.com/admin/settings/communications/admin_alert_rules
You can also hide incidents from the incidents tab by clicking the eye icon with the slash through it next to the search/filter bar and entering the criteria to hide.