Hello, please let me start off by stating if this is not the correct forum or if this has been asked and answered before, I do apologize, and I will try to dig in more and find the answers.
I am new to SEP and I am looking for some answers on how to whitelist files/traffic/apps that would be flagged by an IPS policy.
What we are doing is enabling IPS on our remaining Server 2008 environment and what I have done so far is created our groups based on server function and enabled the IPS in an audit only mode to see what it will pickup and block when we remove that check. What I am looking for is how I actually whitelist the files that are being flagged as "malicious". I was really hoping for a simple right-click and whitelist option from either the SEPM or the endpoint and I am not seeing one. So all of that said, I am really hoping that someone in this community might be able to share some advice or best practices on how this should be done.