From the Reports tab, you can apply an override to a file designated as a threat so it won't be detected and quarantined again in the future. You can add overrides from the following reports:
- Generating All Threats Seen Reports
- Generating All Undetermined Software Seen Reports
- Generating Endpoints With Threats On Last Scan Reports, in the panel for Threats Seen on this Endpoint panel; individual endpoints only.
- Generating Endpoints With Undetermined Software On Last Scan Reports, in the panel for All Undetermined Software Seen on this Endpoint; individual endpoints only.
To apply an override from reports:
- Log in to your Endpoint Protection console.
The Endpoint Protection console displays, with the Status tab active.
- Click the Reports tab.
The Reports tab displays. - From the Report Type drop-down menu, select one of the reports listed above and click the Submit button to generate a report.
- In the All Threats Seen area, select the filename and from the command bar, click the Create override icon.
The Create override window displays.
- From the Determination drop-down menu, select one of the following:
- Good — Always allow the file to run.
- Bad — Always send the file to quarantine.
- Apply the override in one of the following ways:
- To apply the override to all policies, do not select the Apply to a policy? checkbox.
- To select an individual policy for the override, deselect the Apply to a policy? checkbox. When the Policy field displays, from the Policy drop-down menu, select a policy.
- When you're done, click the Save button.
- To test the file's detection, send the endpoint a Reverify all files and processes command. For more information, see Issuing Commands to Endpoints.