Our CCTV NVR software (Exacqvision) has the ability to generate .exe files containing security camera footage from multiple cameras in a synchronized viewer. We are frequently sharing footage to police, where this ability is important to have.
Since these .exe files are unique every time they’re created, SEP’s reputation-based scanning flags the files as soon as they’re created (WS.Reputation.1). Our users are able to unquarantine them, but they remain in my logs as “still infected” files. This is a pain point to both my users and myself that I have been unable to resolve.
Whitelisting the software has had no effect, and I’m not looking to disable the reputation-based detections or download insight, so I’m curious if there’s an official answer to this, or if anyone else has had similar experiences with this.
Ideally, I want SEP to not detect the .exe files generated by Exacqvision, while continuing to protect against other low-reputation files.