Applying overrides from the Overrides tab

Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

When you add overrides from the Overrides tab, you must first locate the MD5 values of files by running a scan on the endpoint. When SecureAnywhere scans the device, it creates a scan log where it stores the path name, file name, and MD5 value for executables and other types of files that run a process. You need that MD5 value to create the override.

Note: This can only be done on a Windows computer.

Tip: If you want to override a file designated as "Bad," you should go to the Groups or Reports tabs. These tabs show detected threats and their associated MD5 values, which saves you time in creating "Bad" overrides.

To locate and save MD5 values:

  1. Run a scan on the endpoint to capture MD5 values.
    You can run the Scan command either from the endpoint itself or by using the Scan command from the Groups tab (see Issuing commands to a group of endpoints).
  2. On the endpoint (the PC or other device), open SecureAnywhere. Click the System Tools tab, then Reports. In the Scan Log section of the page, click Save as and specify a name and location for the log.

  3. Open the scan log and locate the MD5 value to the right of the filename.
    The following example shows the MD5 value for a file named csrss.exe.

  4. Copy the value, so you can paste it into the Management Portal.
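
Before pasting the value into the Management Portal, you can confirm that it is well formed and that it matches the file you intend to override. The following PowerShell is an added example, not part of the original guide or the product; the function name `Test-OverrideMd5`, its parameters, and the sample file are constructed for illustration.

```powershell
# Added example: confirm that an MD5 copied from a scan log matches the file on disk.
# Test-OverrideMd5, its parameters and the sample file are hypothetical names.

function Test-OverrideMd5 {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,      # file you intend to override
        [Parameter(Mandatory)] [string] $CopiedMd5  # value pasted from the scan log
    )

    # Strip whitespace picked up during copy/paste, then normalise case.
    $candidate = ($CopiedMd5 -replace '\s', '').ToUpperInvariant()

    # An MD5 digest is exactly 32 hexadecimal characters.
    if ($candidate -notmatch '^[0-9A-F]{32}$') {
        throw "Not a well-formed MD5 value: '$CopiedMd5'"
    }

    # -LiteralPath avoids wildcard expansion in file names containing [ or ].
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash

    [pscustomobject]@{
        Path      = (Resolve-Path -LiteralPath $Path).Path
        CopiedMd5 = $candidate
        ActualMd5 = $actual
        Match     = ($candidate -eq $actual)
    }
}

# Constructed sample: a temporary file with known content.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'override-sample.txt'
[System.IO.File]::WriteAllText($sample, 'hello')

# MD5 of the ASCII string "hello", pasted with stray spaces and in lower case.
Test-OverrideMd5 -Path $sample -CopiedMd5 ' 5d41402abc4b2a76b9719d911017c592 '

# MD5 of empty input, which does not belong to this file.
Test-OverrideMd5 -Path $sample -CopiedMd5 'D41D8CD98F00B204E9800998ECF8427E'

Remove-Item -LiteralPath $sample
```

Treat a result where `Match` is false as a reason to recheck the scan log entry before creating the override, particularly for a "Good" determination.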

To add an MD5 override from the Overrides tab:

  1. Return to Endpoint Protection and click the Overrides tab.
  2. Click Create from the command bar.

  3. In the Create Override dialog, paste the copied MD5 value into the MD5 field.

  4. Open the Determination drop-down menu by clicking the arrow to the right of the field. Select one of the following:
  • Good: Always allow the file to run.
  • Bad: Always send the file to quarantine.

  5. Do either of the following to apply the override:
  • To apply the override to all policies, select the Apply the override globally checkbox.
  • To apply the override to a single policy, deselect the Apply the override globally checkbox. Then, from the Policy drop-down menu, select the policy you want to apply the override to.

    Note: You can apply an override globally or you can apply it to a single policy; you cannot do both.
  6. When you're done, click Save.
  7. If you want to test how SecureAnywhere will detect the file, you can send the endpoint a Reverify all files and processes command (see Issuing commands to a group of endpoints).