Applying Overrides From the Overrides Tab

When you apply overrides from the Overrides tab, you must first locate the MD5 values of files by running a scan on the endpoint. When SecureAnywhere scans the device, it creates a scan log where it stores the path name, file name, and MD5 value for executables and other types of files that run a process. You need that MD5 value to create the override.

To override a file designated as Bad, you should go to the Groups or Reports tabs. These tabs display detected threats and their associated MD5 values, which saves you time in creating Bad overrides.

This procedure has two parts:

Note: This procedure only be done on a Windows computer.

To locate and save MD5 values:

  1. Run a scan on the endpoint to capture MD5 values.

    You can run the Scan command either from the endpoint itself or by using the Scan command from the Groups tab. For more information, see Issuing Commands to Endpoints.

  2. On the endpoint, such as a PC or other device, open SecureAnywhere.
  3. Click the System Tools tab.
  4. In the left pane, select Reports.
  5. In the Scan Log section of the page, click the Save as button and specify a name and location for the log.

  6. Open the scan log and locate the MD5 value to the right of the filename.

    The following example display the MD5 value for a file named csrss.exe.

  7. Copy the value, so you can paste it into the Management Portal.

To add an MD5 override from the Overrides tab:

  1. Log in to your Endpoint Protection console.

    The Endpoint Protection console displays, with the Status tab active.

  2. Click the Overrides tab.

    The Overrides tab displays, with the File & Folder Overrides tab active.

  3. Click the Create icon.

    The Create override window displays.

  4. In the Override Name field, enter a name for the override.

  5. In the Override Type area, select the MD5 radio button.

  6. In the MD5 field, paste the copied MD5 value

  7. In the Apply to a policy area, do either of the following:
    • To not apply a policy, select the No radio button.

    • To apply the override to a single policy, select the Yes radio button. Then, from the Select a policy drop-down menu, select the policy you want to apply the override to.

    Note: You can apply an override globally or you can apply it to a single policy; you cannot do both.

  1. When you're done, click the Save button.

  2. To test how SecureAnywhere will detect the file, send the endpoint a Reverify all files and processes command. For more information, see Issuing Commands to Endpoints.