"Infection Found" file blocked in Protection Engine


Article ID: 200762


Products

Protection Engine for Cloud Services, Protection Engine for NAS

Issue/Introduction

A file you scanned with Symantec Protection Engine (SPE) was blocked/deleted as malware. You consider this a false positive and want to prevent the file from being caught as malware.

Resolution

Submit the file as a false positive to https://symsubmit.symantec.com/ for analysis.

If you are using Protection Engine 8.2 or newer, you can also add this file to an exclusion list for Insight scanning with the following xmlmodifier command:

xmlmodifier -b //policies/ThreatPolicies/InsightScanning/InsightPolicy/SHA256ExclusionList/items/ <file name> policy.xml

From the cloud console, this can be done by editing the group policy's Allow > File Hash (SHA256) based exclusion, adding the specific SHA256 values, and applying the policy change to the scanner group.

Additional Information

The SHA256ExclusionList setting now excludes files from all scanning technologies, whereas in previous versions this setting applied only to the Insight reputation engine.

Note: Symantec Protection Engine 8.1 does not support File Hash (SHA256) based exclusion.