From a group level, you can apply an override to a file designated as a threat so it won't be detected and quarantined again in the future.


To apply an override from groups:


  1. Log in to your Endpoint Management console.

    The Endpoint Protection console displays, with the Status tab active.

  2. Click the Group Management tab.

    The Group Management tab displays, with the Groups tab active.

  3. In the left pane, select the group for the endpoint where the file was detected.

    A list of endpoints displays.

  4. In the right pane, select the endpoint where the file was detected.

  5. In the Scan History list at the bottom, do either of the following:
    • Click View all threats seen on this endpoint
    • Click View in the Status column for the date when the threat was detected .

  1. In the dialog, select the checkbox for the filename you want to create an override for and click the Create override icon.

    The Create override window displays.


  1. From the Determination drop-down menu, select one of the following:
    • Good — Always allow the file to run.
    • Bad — Always send the file to quarantine.

  1. In the Description field, enter a description for the override.

  2. Apply the override in one of the following ways:
    • To apply the override to all policies, do not select the Assign to a policy? checkbox.
    • To apply the override to an individual policy, select the Apply to a policy? checkbox. When the Policy field displays, select a policy from the drop-down menu.


  1. When you're done, click the Save button.

  2. To test the file's detection, send the endpoint a Reverify all files and processes command. For more information, see Issuing Commands to Endpoints.