When Behavior Monitoring is enabled, it may falsely detect some applications as suspicious or malicious, and then block it. If you have defined that the blocked application is a trusted resource, you can safelist applications to avoid false detection.
To add the full path of an application to the Exception list, do the following:
- Login to the Deep Security web console.
- On the Policies tab, double-click a policy you want to configure.
- Click Anti-Malware in the left pane, and select Advanced tab.
- Under Behavior Monitoring Protection Exceptions, enter the full path of the application (i.e. C:\Program Files\Outlook\Outlook.exe) you want to exclude and then click Add.
If you have seen the detection under Events tab, you can simply right-click the event and click Allow to safelist.
An application can be submitted to Trend Micro Technical Support for verification and safelisting. Once the application has been verified to be normal, it will be safelisted to avoid further detection.
Software developers can apply for the Trend Micro GRID program where they can submit the application before public release. You may refer to The GRID: Goodware Resource and Information Database for more information.