Restoring Programs Incorrectly Detected as Spyware
About this task
CPM will keep up to 15 copies per client of the files it detects as spyware. If CPM incorrectly classified a program running on the endpoints as spyware, you can undo the action (that is, replace the file on the endpoint) by running the Restore Spyware/Grayware... task. Before running the restore, be sure to add the program(s) in question to the Spyware Approved List so the mis-detection will not occur again.
Note: If
the same program was detected on many different endpoints, or if you
choose to restore many different programs at the same time, it may
take a while for the restoration to finish on the targeted computers.
Procedure
- From the console menu, click Endpoint Protection on the bottom left pane.
- From the upper left navigation pane, go to . The Spyware/Grayware Restore Wizard opens.
- Select the snapshot(s) from the Spyware/Grayware Snapshots Detected list that contain the software you want to restore to the computers from which it was removed.
- Click the button, Restore Selected Snapshots.... The Edit Task window opens.
- Edit the Name field and use the Description tab to edit it, so it clearly identifies the purpose of this custom Task.
- Edit the Description and the Relevance tabs if necessary, to reflect your goals.
- Click OK. At the prompt, type your private key password and click OK. The Task Description window opens.
- Below Actions, click the hyperlink to open the Take Action window.
- In the Target tab, click All computers with the property values selected in the tree list below and then choose a property that will include all the computers you want to deploy this Action to.
- Click OK. At the prompt, type your private key password and click OK.
- The Action | Summary window that opens, monitor the "Status" of the Action to confirm that it is "Running" and then "Completed".
- Close any open windows to return to the console view.