From the Reports tab, you can apply an override to a file designated as a threat so it won't be detected and quarantined again in the future. You can add overrides from the following reports:



To apply an override from reports:


  1. Log in to your Endpoint Protection console.

    The Endpoint Protection console displays, with the Status tab active.

  2. Click the Reports tab.

    The Reports tab displays.

  3. From the Report Type drop-down menu, select one of the reports listed above and click the Submit button to generate a report.

  4. In the All Threats Seen area, select the filename and from the command bar, click the Create override icon.

    The Create override window displays.


  1. From the Determination drop-down menu, select one of the following:
    • Good — Always allow the file to run.
    • Bad — Always send the file to quarantine.


  1. Apply the override in one of the following ways:
    • To apply the override to all policies, do not select the Apply to a policy? checkbox.
    • To select an individual policy for the override, deselect the Apply to a policy? checkbox. When the Policy field displays, from the Policy drop-down menu, select a policy.

  1. When you're done, click the Save button.

  2. To test the file's detection, send the endpoint a Reverify all files and processes command. For more information, see Issuing Commands to Endpoints.