I have a Symantec AV version 12.1 running on Windows 7 PC pops up with the following info:
Scan type: Auto protect
Event: Security Risk Found!
Security risk detected: Suspicious.Cloud.2
File: C:\Users\John\AppData\Local\Apps\2.0\6HE5YPVH.WDN\C2WDKB3N.M0P\adr...tion_476e8145bb5b085c_0001.0008_68c7b2e1c4fcaa18\ADR.exe
Location: Quarantine
Computer: THINKCENTER
User: SYSTEM
Action Taken: Quarantine succeeded : Access denied
Date found: Thursday, July 03, 2014 2:56:52 PM
The company that I'm working for has been using this software for a few years without any problem. The only recent change that happens around 2 PM today is virus definition update.
I'd like to un-quarantine the file so I can upload it to virustotal.com or send it to Symantec for further analysis. I can't do that because Symantec keeps catching and putting the file back into quarantine. How can I release this file and bypass Symantec auto protect detection?
If this is a false detection, how can I add this EXE file in the Exception rule? Thanks in advance.