Hello, please let me start off by stating if this is not the correct forum or if this has been asked and answered before, I do apologize, and I will try to dig in more and find the answers.
I am new to SEP and I am looking for some answers on how to whitelist files/traffic/apps that would be flagged by an IPS policy.
What we are doing is enabling IPS on our remaining Server 2008 environment and what I have done so far is created our groups based on server function and enabled the IPS in an audit only mode to see what it will pickup and block when we remove that check. What I am looking for is how I actually whitelist the files that are being flagged as "malicious". I was really hoping for a simple right-click and whitelist option from either the SEPM or the endpoint and I am not seeing one. So all of that said, I am really hoping that someone in this community might be able to share some advice or best practices on how this should be done.
Tried this, once detected you will go to exceptions and add that signature to allow
Rafeeq's option will allow all detections under that signature, which is only recomended by Symantec as a last resort.
IPS will honor firewall rules. If a firewall rule is added, it will allow the traffic.
Otherwise if you are seeing the detection in a common computer such as a development PC or network scanner, you can add the IP to a list of excluded host using the following instructions: https://support.symantec.com/us/en/article.HOWTO81159.html