Endpoint Protection

 View Only
  • 1.  False Positive Bloodhound detection

    Posted Oct 20, 2021 09:12 AM
    Hi, we have SEP 14.3 RU2. There is a lot of bloodhound false positive detections on SEP. Bloodhound level is set to automatic under AV policy. 

    Most of the false positive bloodhound detected files have rtf extension and are clean files. 

    How can we fix this false positive bloodhound detections? or how can we set up exceptions for these files from bloodhound detections?


    Thanks 


    ------------------------------
    Symantec Enthusiast
    ------------------------------


  • 2.  RE: False Positive Bloodhound detection

    Posted Oct 20, 2021 10:15 AM
    Hi,

    Are they part of any internal developed software? When did these detections begin? You can submit them for review here.

    If you need to exclude them temporarily, you can do that via a regular file exclusion.


  • 3.  RE: False Positive Bloodhound detection

    Posted Oct 21, 2021 03:11 AM

    an rtf file is normally a txt file and should not really be part of an detection by SEP AML.

    Did this files has been uploaded to Symantec for a checkup?
    Are this files *.exe.rtf files?

    Recommendation, send it to Symantec for analysis with the detection.