Handling False Positives with Endpoint Protection Systems

Disclaimer

SYNAXIOM does not distribute NIVOMAX Viewer setup files directly to end users. To obtain the necessary setup files, users must download a copy directly from the Technical Publications Supplier's NIVOMAX Self Serve portal, subsequent to agreeing to the terms and conditions stipulated therein. The Technical Publication Supplier, possessing a valid Distribution ID for their copy of the NIVOMAX Applications, is the sole distributor. Access to and use of the NIVOMAX Viewer is contingent upon the purchase of a Data License for a digital product from the Technical Publications Supplier. The digital product downloaded will function exclusively with the viewer provided by the respective Supplier. Users are advised that the distribution of NIVOMAX Viewer setup files may be governed by applicable export control regulations depending on their region.

Licensing

It is not necessary for end-users to purchase a separate NIVOMAX license. The Technical Publications Supplier from whom you have acquired your Data License has already procured the requisite licenses from SYNAXIOM. By extending an invitation, they include you within their authorized user pool, as permitted under their NIVOMAX license agreement. You are authorized to use the NIVOMAX software provided the Technical Publications Supplier maintains a valid NIVOMAX software license.

Confidentiality

This document (“Document”) contains confidential and proprietary information owned by SYNAXIOM Inc. (“SYNAXIOM”). No part of this Document may be reproduced, copied, or distributed in any form or by any means without the prior written permission of SYNAXIOM Inc. Unauthorized use, disclosure, or reproduction of this Document is strictly prohibited. Any third-party intellectual property mentioned herein is the property of their respective owners, and such mention is for informational purposes only and does not imply any association with or endorsement by the owners.

This page must not be removed before distributing the document. It must remain present in all shared copies to ensure proper communication and compliance.

Last Updated on August 6, 2024


When deploying software, encountering issues with anti-virus or endpoint protection systems is a common challenge. NIVOMAX software is signed by SYNAXIOM and so can be installed without issue on most systems. However, in some cases users have reported that NIVOMAX application executables or setup EXE files are being flagged and quarantined by their endpoint protection systems. This article explains why this can happen, what it means, and how you can ensure the successful installation of your applications.

Understanding False Positives

A false positive occurs when a legitimate file is incorrectly identified as malicious by an anti-virus or endpoint protection system. This can happen for several reasons:

  1. Heuristic Analysis: Endpoint protection systems use heuristic analysis to detect potentially unknown threats. If the behavior of the setup EXE file resembles that of a known malicious file, it may be flagged.
  2. Reputation-Based Detection: Some systems use reputation-based detection, which can flag files that are new or not widely recognized.

    Since NIVOMAX applications are used by a niche user group within the global software user base, this type of flag is the most common.

  3. Signature Updates: Occasionally, recent updates to the anti-virus signatures may include new patterns that falsely match the setup EXE file.

Steps to Resolve the Issue

To ensure that your setup EXE files are not quarantined and can be installed successfully, follow these steps:

  1. Verify the File:
    • Ensure you have downloaded the setup EXE file from an official and trusted source. Verify the file’s integrity using checksums if available.
  2. Report the False Positive:
    • Report the file as a false positive to your endpoint protection provider. This helps improve their detection algorithms and prevents future occurrences.
    • Most providers have a submission portal or a process for reporting false positives. Check their website or support documentation for details.
  3. Add an Exception in Your Endpoint Protection System:
    • Open your endpoint protection client.
    • Navigate to the settings or configuration section for managing exceptions.
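    • Add the setup EXE file or its directory to the exception list. This will prevent the system from scanning or quarantining the file. An exception for the single file is narrower than one for its directory, which also covers any other file placed there.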
  4. Temporarily Disable Endpoint Protection:
    • As a temporary measure, you can disable the endpoint protection during the installation of the setup EXE file. Ensure you re-enable it immediately after installation.
  5. Update Endpoint Protection Definitions:
    • Ensure that your endpoint protection system’s virus definitions are up to date. Sometimes, outdated definitions can cause false positives.
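
The "Verify the File" step can be scripted so that an exception is only added for a file whose signature and checksum check out. The following is an added example, not code from SYNAXIOM or the NIVOMAX documentation; the function name, the 'SYNAXIOM' publisher pattern and the expected-hash parameter are assumptions, and the demo call uses the running PowerShell host as a stand-in for the installer.

```powershell
# Added example; the publisher pattern and any expected hash are assumptions.
function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Text expected in the signing certificate subject (assumed value).
        [string] $PublisherPattern = 'SYNAXIOM',
        # SHA-256 checksum from the supplier, if one was published.
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may already be quarantined): $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $signatureValid = $sig.Status -eq 'Valid'
    $publisherMatch = $subject -and ($subject -like "*$PublisherPattern*")

    # $null means no checksum was supplied, so nothing was compared.
    $hashMatch = $null
    if ($ExpectedSha256) { $hashMatch = $hash -eq $ExpectedSha256.Trim() }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        Timestamped     = [bool]$sig.TimeStamperCertificate
        Sha256          = $hash
        HashMatch       = $hashMatch
        # Trusted only if the signature is valid, the publisher matches,
        # and a supplied checksum (if any) did not mismatch.
        Trusted         = $signatureValid -and $publisherMatch -and ($hashMatch -ne $false)
    }
}

# Constructed demo: the running PowerShell host stands in for the installer.
# For a real check, pass the setup EXE path and the supplier's checksum instead.
$demo = Test-InstallerTrust -Path (Get-Process -Id $PID).Path -PublisherPattern 'Microsoft'
$demo | Format-List
if (-not $demo.Trusted) { Write-Warning 'Verification failed: do not add an exception for this file.' }
```

A SignatureStatus other than Valid, or a HashMatch of False, means the file on disk is not the one the publisher signed or the supplier listed, so it should be downloaded again rather than excluded from scanning.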

Example: Symantec Endpoint Protection

For example, in recent versions of Symantec Endpoint Protection (SEP), you might encounter the status ‘Infected’ and the risk ‘Unproven.Insight.’ This falls under the category of Reputation-Based Detection. Here are specific steps to resolve it:

  1. Report the False Positive: Use the Symantec Submission Portal to report the file.
  2. Add an Exception in SEP:
    • Open the SEP client.
    • Go to Change Settings > Exceptions.
    • Add the setup EXE file or its directory to the exception list.
  3. Temporarily Disable SEP:
    • Disable SEP during the installation of the setup EXE file and re-enable it afterward.
  4. Update SEP Definitions:
    • Ensure SEP’s virus definitions are up to date.

Similar steps can be used for other endpoint protection systems to resolve false positives. Refer to your specific endpoint protection provider’s documentation for detailed instructions.

Guidance for IT Administrators

If you are an IT administrator managing multiple endpoints, consider the following additional steps:

  • Deploy Centralized Exceptions:
    • Use your endpoint protection management console to deploy exceptions across all endpoints.
    • Navigate to the policies or configurations section to configure the necessary exceptions.
  • Create a Whitelist:
    • For critical applications, maintain a whitelist of trusted files that the endpoint protection system will not scan or quarantine.
  • Educate Users:
    • Inform your users about the potential for false positives and the steps to follow if they encounter this issue.

By understanding and addressing false positives, you can ensure smooth deployment and operation of your applications while maintaining robust security across your network.

If you need further assistance, please contact our support team.


For the latest documentation on this and other important topics, please refer to the NIVOMAX Help Center. The NIVOMAX Help Center is your primary resource for up-to-date information, guidelines, and self-serve support for NIVOMAX.

This document also has an online version which may be more up-to-date.

