SecureAnywhere may sometimes detect a file that appears legitimate, but also exhibits questionable behavior. In these cases, it classifies the file as Undetermined.
To locate files that SecureAnywhere classified as "Undetermined," you can generate the All Undetermined Software Seen report. The All Undetermined Software Seen report shows all undetermined software (typically executable files) that SecureAnywhere cannot classify as either safe or as malware.
This report lists items by filename, along with when and where SecureAnywhere detected them. This report might show duplicate entries if the undetermined software was detected multiple times or in multiple places. You can also use this report to create overrides and tag files as either Good or Bad, so SecureAnywhere knows how you want to classify them in the future.
From the report, you can modify the report data as follows:
View all undetermined software within a selected policy or group, which is helpful if you need to narrow search results to a specific set of endpoints.
Drill down to see the files detected within a date range, which is helpful if you want to narrow the search results to a specific time period.
To generate the All Undetermined Software Seen report:
From the Endpoint Protection console, click the Reports tab.
From the Report Type drop-down menu, select All Undetermined Software Seen.
If needed, select a specific policy or group. If you do not select a policy or group, the report data shows all policies and groups, and, depending on your environment, may take a long time to generate.
To enter a date range for the data, select the Select time period checkbox. This is an optional step.
To include deactivated and hidden endpoints in the report, select the Include deactivated and hidden checkbox. This is an optional step.
Click the Submit button.
The report displays in the right panel.
Select a file and click Create override to reclassify it in one of the following ways:
Good — Always allow the file to run on the endpoint. Do not detect the file during scans or send it to quarantine. After you select Good, the file is listed in the Overrides tab with Good as the Manual Determination, but the Cloud Determination remains Undetermined.
Bad — Always send the file to quarantine when detected during scans. After you select Bad, the file is listed in the Overrides tab with Bad as the Manual Determination, but the Cloud Determination remains Undetermined.
You can also select whether you want to apply this override to all policies or selected policies, so you don't need to create this override again on other endpoints.
To show or hide additional data for the report, click a column header to display the drop-down menu, then select checkboxes to select, add, or remove columns. For more information about the descriptions of the data in the columns, see Sorting Data in Tables and Reports.