Although SCEP is known for having a fairly low rate of false positives, they do sometimes occur. One common issue that many organizations deal with is that both DameWare and VNC are flagged as malicious remote control software in the SCEP definition file. This was done because a number of Trojans have been known to contain elements of these products.
In this recipe, we will be removing a false positive for DameWare by configuring our policy to overlook it.
For this recipe, you will need to utilize an account that has at least the SCEP administrator role assigned to it.
Follow these steps:
1. Log into your SCCM CAS server and launch your SCCM 2012 management console.
2. Navigate to Assets and Compliance\Overview\Endpoint Protection\Antimalware Policies, select a policy that applies to the workstation or server that is experiencing the false positive, right-click on the policy, and select Properties.
3. Select Threat Overrides...