Continue to get notifications on whitelisted network incidents in SEP Mobile

Article ID: 195692

Products

Endpoint Protection Mobile

Issue/Introduction

After investigating a network incident (e.g., SSL stripping, Content Manipulation, etc.), determining it to be benign in nature, and whitelisting the network in SEP Mobile, the administrator continues to see incidents for the same network in the SEP Mobile Management Console (MC) and/or receive alerts for the events.

Cause

The network incidents that occur when content manipulation/filtering is detected can be whitelisted, but there are some restrictions. When the content manipulation occurs on a network that leaves a certificate behind (this happens primarily on Wi-Fi networks), the network can be whitelisted based on the certificate information. When the content manipulation occurs on a network that does not use a certificate (primarily cellular and VPN networks), the network can only be whitelisted while the incident is still active. Otherwise, SEP Mobile does not have the network information necessary to whitelist it.

Once the network has been whitelisted, its incidents still appear in the MC, but in a closed status.

Resolution

To reduce or remove administrator alerts for incidents, consider adjusting your administrator alert rules under https://mc.sepmobile.securitycloud.symantec.com/admin/settings/communications/admin_alert_rules

You can also hide incidents from the incidents tab by clicking the eye icon with the slash through it next to the search/filter bar and entering the criteria to hide.