Applying overrides to files from groups



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

From a group level, you can apply an override to a file designated as a threat so it won't be detected and quarantined again in the future.

To apply an override from groups:

  1. Click the Group Management tab.
  2. From the left panel, select the group for the endpoint where the file was detected.



  3. In the right panel, select the endpoint where the file was detected.
  4. In the Scan History list at the bottom, you can click View in the Status column for the date when the threat was detected or you can click View all threats seen on this endpoint.



  5. In the dialog, select the desired filename by clicking in its checkbox.
  6. Click Create override.



    The following dialog opens:



  7. Open the Determination drop-down menu by clicking the arrow to the right of the field. Select one of the following:
  • Good: Always allow the file to run.
  • Bad: Always send the file to quarantine.

  1. You can apply this override globally or to an individual policy, as follows:
  • To apply the override to all policies, keep the Apply the override globally checkbox selected.
  • To select an individual policy for the override, deselect the checkbox. When the Policy field appears, click the drop-down arrow to the right of the field and select a policy.



  1. When you're done, click Save.
  2. If you want to test the file's detection, you can send the endpoint a Reverify all files and processes command (see Issuing commands to a group of endpoints).