SecureAnywhere may sometimes detect a file that displays legitimate, but also exhibits questionable behavior. In these cases, it classifies the file as Undetermined.
To locate files that SecureAnywhere classified as Undetermined, generate the All Undetermined Software Seen report. The All Undetermined Software Seen report displays all undetermined software, typically executable files, that SecureAnywhere cannot classify as either safe or as malware.
This report lists items by file name, along with when and where SecureAnywhere detected them. This report might display duplicate entries if the undetermined software was detected multiple times or in multiple places. You can also use this report to create overrides and tag files as either Good or Bad, so SecureAnywhere knows how you want to classify them in the future.
Note: For information on how to view the most recent endpoints with undetermined software, see Generating Endpoints With Threats On Last Scan Reports.
From the report, you can modify the report data as follows:
- View all undetermined software within a selected policy or group, which is helpful if you need to narrow search results to a specific set of endpoints.
- Drill down to see the files detected within a date range, which is helpful if you want to narrow the search results to a specific time period.
To generate the All Undetermined Software Seen report:
- From the Endpoint Protection console, click the Reports tab.
- From the Report Type drop-down menu, select All Undetermined Software Seen.
- If needed, select a specific policy and group. Otherwise, the report data displays all policies and groups, and may take a long time to generate, depending on your environment.
- To enter a date range for the data, select the Select time period checkbox. This is an optional step.
- To include deactivated and hidden endpoints in the report, select the Include deactivated and hidden checkbox. This is an optional step.
- Click the Submit button.
The report displays in the right pane.
- Select a file and click the Create override button to reclassify it in one of the following ways:
- Good — Always allow the file to run on the endpoint. Do not detect the file during scans or send it to quarantine. After you select Good, the file is listed in the Overrides tab with Good as the Manual Determination, but the Cloud Determination remains Undetermined.
- Bad — Always send the file to quarantine when detected during scans. After you select Bad, the file is listed in the Overrides tab with Bad as the Manual Determination, but the Cloud Determination remains Undetermined.
You can also select whether you want to apply this override to all policies or selected policies, so you don't need to create this override again on other endpoints.
- To display or hide additional data for the report, click a column header to display the drop-down menu, then select checkboxes to add, or remove columns.