Applying overrides to files from reports



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

From the Reports tab, you can apply an override to a file designated as a threat so it won't be detected and quarantined again in the future. You can add overrides from these reports:

  • All Threats Seen.
  • All Undetermined Software Seen.
  • Endpoints with Threats on Last Scan, in the panel for Threats Seen on this Endpoint panel (individual endpoints only).
  • Endpoints with Undetermined Software on Last Scan, in the panel for All Undetermined Software Seen on this Endpoint (individual endpoints only).

To create an override from reports:

  1. Click the Reports tab and generate one of the reports listed above.
  2. Select the desired filename and click Create override from the command bar.



    The following dialog opens:



  3. Open the Determination drop-down menu by clicking the arrow to the right of the field. Select one of the following:
  • Good: Always allow the file to run.
  • Bad: Always send the file to quarantine.

  1. You can apply this override globally or to an individual policy, as follows:
  • To apply the override to all policies, keep the Apply the override globally checkbox selected.
  • To select an individual policy for the override, deselect the checkbox. When the Policy field appears, click the drop-down arrow to the right of the field and select a policy.



  1. When you're done, click Save.
  2. If you want to test the file's detection, you can send the endpoint a Reverify all files and processes command (see Issuing commands to a group of endpoints).