Firewall Alert (xxx.exe) does not have valid signature in SEP SBE Cloud
search cancel

Firewall Alert (xxx.exe) does not have valid signature in SEP SBE Cloud


Article ID: 164386


Updated On:


Symantec Products


Symantec Endpoint Protection cloud (SEP SBE) blocking application from accessing network.


New version of Symantec Endpoint Protection cloud (SEP SBE) has a more strict security posture against applications with a low reputation, and/or not digitally signed. 


Add a Program Control exclusion:

Follow this document to add a Program Control allow rule for the application generating the alert:

How to create custom exclusions


To disable low risk notifications (not recommended):

From the backend user interface (UI),  set Program Control to allow low risk applications, as well as set the blocking of traffic for malicious applications to High-Certainty Only:

  1. To show the Administrative Interface type the following commands in an administrative command prompt
    • cd c:\
    • cd \program files\Symantec.Cloud\AntiVirus
    • avagent -SHOW_UI
  2. When the backend UI comes up:
    • Click Settings > Firewall > Advanced Program Control
    • Click the slider for  Block Traffic for Malicious Applications until it reads High-Certainty Only
    • Move the slider next to Low Risk Applications until it reads Allow
    • Click Apply and Close

Note: These steps will need to be completed on each system that is detecting the application.