Restoring Programs Incorrectly Detected as Spyware

About this task

CPM will keep up to 15 copies per client of the files it detects as spyware. If CPM incorrectly classified a program running on the endpoints as spyware, you can undo the action (that is, replace the file on the endpoint) by running the Restore Spyware/Grayware... task. Before running the restore, be sure to add the program(s) in question to the Spyware Approved List so the mis-detection will not occur again.

Note: If the same program was detected on many different endpoints, or if you choose to restore many different programs at the same time, it may take a while for the restoration to finish on the targeted computers.

Procedure

From the console menu, click Endpoint Protection on the bottom left pane.
From the upper left navigation pane, go to Core Protection Module > Common Tasks > Core Protection Module > Restore Spyware/Grayware. The Spyware/Grayware Restore Wizard opens.
Select the snapshot(s) from the Spyware/Grayware Snapshots Detected list that contain the software you want to restore to the computers from which it was removed.
Click the button, Restore Selected Snapshots.... The Edit Task window opens.
Edit the Name field and use the Description tab to edit it, so it clearly identifies the purpose of this custom Task.
Edit the Description and the Relevance tabs if necessary, to reflect your goals.
Click OK. At the prompt, type your private key password and click OK. The Task Description window opens.
Below Actions, click the hyperlink to open the Take Action window.
In the Target tab, click All computers with the property values selected in the tree list below and then choose a property that will include all the computers you want to deploy this Action to.
Click OK. At the prompt, type your private key password and click OK.
The Action | Summary window that opens, monitor the "Status" of the Action to confirm that it is "Running" and then "Completed".
Close any open windows to return to the console view.