Implementing Overrides



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

Overrides provide administrative control of the files and applications in your environment, allowing you to designate files as Good (always run) or Bad (always quarantine). For example:

  • You may decide to quarantine legitimate files for certain business purposes. For example, if you don't allow users to make Skype voice calls during business hours, you can set an override that always sends the Skype executable file to quarantine when detected during scans.
  • Conversely, if Endpoint Protection is quarantining a file that you want to allow, you can set an override that ignores the file during scans.
  • An override can have different settings at the global level and at the policy level. Be aware that Policy settings take precedence over Group settings.
Note: To fully manage overrides, you must have access permissions for Overrides: MD5 and Overrides: Determination Capability. To change permissions, see Setting Permissions for Portal Users.

To change how a file is detected and managed, you can apply one of the following overrides:

  • Good — Always allow the file to run on the endpoint. Do not detect the file during scans or send it to quarantine.
  • Bad — Always send the file to quarantine when detected during scans.

You can add overrides from several locations:

  • Overrides Tab — You can create either a Good or Bad override for any type of file. To do this, you must first scan the endpoint, save its scan log, and locate the MD5 value of the file. MD5 (Message-Digest algorithm 5) is a cryptographic hash function that produces a 128-bit value, which acts like a fingerprint to uniquely identify a file. For more information, see Applying Overrides From the Overrides Tab.
  • Group Management Tab — You can search for endpoints where threats were detected and quickly apply overrides. The MD5 value is already identified for the file. For more information, see Applying Overrides to Files From Groups.
  • Reports Tab — You can search for endpoints where threats were detected in certain reports and quickly apply overrides. The MD5 value is already identified for the file. For more information, see Applying overrides to files from reports.
  • Dwell Time Popup — You can create an override for an MD5 from within this popup. For more information, see Applying Overrides From Dwell Time Popups.