Endpoint Protection

  • 1.  How to disable quarantine of a specific file?

    Posted Feb 01, 2017 01:58 PM

    Using Visual Studio 2015, part of our build and test process generates an intermediate executable, which I will call test_example.exe.
    Symantec Endpoint's SONAR tool is repeatedly quarantining this executable, blocking my development.


    Removing the executable from quarantine is not helpful because the file is quarantined when it is needed.
    By the time I can remove it, it is too late.


    I also tried to disable the quarantine by going to:
       Symantec Endpoint Protection->Change Settings->Exceptions->Configure Settings->Add
    and added the directory path where the file is created.
    However, the file is still being quarantined.

    I'd rather not disable Symantec Endpoint, as much as that is a security issue.

    Thank you!

     



  • 2.  RE: How to disable quarantine of a specific file?

    Posted Feb 01, 2017 02:01 PM

    Did you add the exception specifically for the SONAR component? Sounds like you only added it for Auto-Protect.

    Handling and preventing SONAR false positive detections



  • 3.  RE: How to disable quarantine of a specific file?

    Posted Feb 01, 2017 02:12 PM

    Yes, good point, but the exception type is set to 'SONAR'.
    I should mention that I did not reboot.
    I'm running the test again and will report if the reboot helped.


     



  • 4.  RE: How to disable quarantine of a specific file?

    Posted Feb 01, 2017 02:15 PM

    The exception should take effect immediately - no reboot is needed.

    If the executable was detected in a different location than what the exception specified, then this could be the problem.



  • 5.  RE: How to disable quarantine of a specific file?

    Posted Feb 02, 2017 05:55 AM

    Hi Michael,

    If you are confident that "test_example.exe" is a safe application, please do submit it to the False Positive portal for examination.  Also, you can create exclusions for it by name or hash.

    Best Practice when Symantec Endpoint Protection is Detecting a File that is Believed to be Safe
    http://www.symantec.com/docs/TECH98360



  • 6.  RE: How to disable quarantine of a specific file?

    Posted Feb 02, 2017 08:03 PM

    Hello Brian,

    The executable may be called from many places, so I will move the exclusion path up to the top node. Thank you!

    Mick,

    Unfortunately, my company and group would frown on submitting our source or executables.
    However, I am 100% sure it is safe. We build it ourselves from our own source.
    Thank you for the suggestion!

    -Mike