If you are still awaiting an answer, let me know and I will alert someone with knowledge of the EPO side of it. But if it's an FP, usually the process is the same across the board: you submit via myportal. But let's hold on for an expert to comment.
If it's just unknown files being reported by GetSusp, then run GetClean on a couple of clean images to mass whitelist the files in the customer environment. Post this, the noise from GetSusp scans should significantly reduce.
If it's actual false positives (assumed_dirty, Trojan, Virus, Pup) being reported on files that you know are clean, escalate to McAfee Labs via the usual support channels.
Actually, the endpoints are spread around the world. Therefore we are using GetSusp with EPO.
There is no change, many files are still reported as malware and an extra.dat file is sent to me. I sent many of these reports to support, still no change.
Is there an EPO version of GetClean available?
We intentionally don’t provide an ePO version of GetClean as this tool is not meant to be mass deployed but only run on GOLD COE images or clean file repositories.