"Infection Found" file blocked in Protection Engine
search cancel

"Infection Found" file blocked in Protection Engine


Article ID: 200762


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS


A file you scanned with Symantec Protection Engine (SPE) was blocked/deleted as malware. You consider this a false positive and want to prevent the file from being caught as malware.


Submit the file as a false positive to https://symsubmit.symantec.com/ for analysis.

If you are using Protection Engine 8.2 or newer, you can also add this file to an exclusion list for insight scanning with the following xmlmodifier command:

xmlmodifier -b //policies/ThreatPolicies/InsightScanning/InsightPolicy/SHA256ExclusionList/items/ <file name> policy.xml

From the cloud console, this can be done by editing the group policy for the Allow > File Hash (SHA256) based exclusion and adding specific SHA256 values and applying the policy change to the scanner group.

Additional Information

The SHA256ExclusionList setting will now exclude files from all scanning technologies, where as in previous versions this setting only applied to the Insight reputation engine.

Note: Symantec Protection Engine 8.1 does not support File Hash (SHA256) based exclusion.