Authorize suspicious items

If you use role-based administration:

You must have the Policy setting - anti-virus and HIPS right to perform this task.
You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

If you have enabled one or more HIPS options (for example, suspicious behavior detection, buffer overflow detection, or suspicious file detection), but you want to use some of the items detected, you can authorize them as follows:

Check which anti-virus and HIPS policy is used by the group or groups of computers you want to configure.
See Check which policies a group uses.
In the Policies pane, double-click Anti-virus and HIPS.
Double-click the policy you want to change.
The Anti-Virus and HIPS Policy dialog box is displayed.
Click Authorization.
The Authorization Manager dialog box is displayed.
Click the tab for the type of behavior that has been detected.
In this example, we'll use Buffer Overflow.
In the Known applications list, select the application you want to authorize.
If you cannot see the application you want to authorize, you can add it to the list of authorized applications yourself. For information on how to do this, see Pre-authorize potentially suspicious items.
Click Add.

The suspicious application appears in the Authorized applications list.