From a group level, you can apply an override to a file designated as a threat so it won't be detected and quarantined again in the future.
To apply an override from groups:
- Log in to your Endpoint Management console.
The Endpoint Protection console displays, with the Status tab active.
- Click the Group Management tab.
The Group Management tab displays, with the Groups tab active.
- In the left pane, select the group for the endpoint where the file was detected.
A list of endpoints displays.
- In the right pane, select the endpoint where the file was detected.
- In the Scan History list at the bottom, do either of the following:
- Click View all threats seen on this endpoint
- Click View in the Status column for the date when the threat was detected .
- In the dialog, select the checkbox for the filename you want to create an override for and click the Create override icon.
The Create override window displays.
- From the Determination drop-down menu, select one of the following:
- Good — Always allow the file to run.
- Bad — Always send the file to quarantine.
- In the Description field, enter a description for the override.
- Apply the override in one of the following ways:
- To apply the override to all policies, do not select the Assign to a policy? checkbox.
- To apply the override to an individual policy, select the Apply to a policy? checkbox. When the Policy field displays, select a policy from the drop-down menu.
- When you're done, click the Save button.
- To test the file's detection, send the endpoint a Reverify all files and processes command. For more information, see Issuing Commands to Endpoints.