A company uses a remote administration tool that is detected as Hacktool.

To allow the use of aremote administration tool detected as Hacktool.KeyLoggProwithout interference from SEP, the administrator should create aKnown Risk exceptionfor the tool. This exception type allows specific files or applications to bypass detection, thereby avoiding quarantine or blocking actions.

Steps to Create a Known Risk Exception:

In the SEP management console, navigate toPolicies > Exceptions.

Choose to create aKnown Risk exceptionand specify the tool’s executable file or file path to prevent SEP from identifying it as a threat.

Why Known Risk Exception is Appropriate:

This type of exception is designed for tools that SEP detects as potentially risky (like hacktools or keyloggers) but are authorized for legitimate use by the organization.

Creating this exception allows the tool to operate without being flagged or quarantined.

Reasons Other Options Are Less Effective:

Tamper Protect exceptionsonly prevent SEP from being tampered with by other applications.

Application to Monitor exceptionsmonitor applications without preventing quarantine actions.

SONAR exceptionsare specific to behavior-based detections, not risk definitions.

References: Creating Known Risk exceptions is the recommended approach when allowing specific tools in SEP that may otherwise be detected as threats​.