Configuring Datto AV alert only mode
Datto AV is designed to protect your systems from malicious software. However, during initial setup, it may sometimes flag legitimate files as threats (false positives). To prevent these files from being quarantined or altered, you can use Datto AV's alert only mode to fine-tune your settings. This guide will walk you through the process of identifying and excluding false positives before fully enabling Datto AV's protection.
Alert only mode
Alert only mode is a special setting for Datto AV's scheduled scans. When enabled, it will:
- Scan your system thoroughly: Datto AV will still analyze all your files and folders.
- Alert you to potential threats: If it finds anything suspicious, it will generate an alert in the Datto AV dashboard.
- Not take any action: It will not quarantine, delete, or modify any files.
Alert only mode allows you to review the alerts, determine if they are genuine threats or false positives, and then take appropriate action.
This feature only applies to scheduled scans. If Datto AV detects a potential threat in real-time, it will still quarantine the file.
NOTE: It's recommended that you review your Datto AV alerts and exclusions list periodically to ensure optimal protection.
- On the top navigation bar, click Policies.
- Do one of the following:
  - Click the Create Policy button and create a new Datto Antivirus policy.
  - In the Policy List, for the desired Datto Antivirus policy, in the last column, click the ellipses menu. Select Edit.
- In the Real-time Protection Scan section, click the Enable Real-time Protection Scans toggle to disable it.
- In the Scheduled File Scan Settings section, under Alert Action, click the Alert-Only Action on Detection toggle to enable it.
- In the Schedule Full Scan section, enable Schedule Full Scan. Complete all fields.
- In the upper-right corner, click Save.
After the scan is finished, you can review alerts on the Datto AV Dashboard. False positives you identify can be added to the exclusions list.
- In the Policy List, for the desired Datto Antivirus policy, click the ellipses menu. Select Edit.
- Scroll to the Scheduled File Scan Settings section.
- To exclude a folder, under Exclude Folders, enter the full path to the folder (e.g., c:\temp\test). Enter one folder path per line.
- To exclude a file, under Exclude Files, enter the full path to the file (e.g., c:\temp\test\mytest.config). Enter one file path per line.
- In the upper-right corner, click Save.
- Run the scheduled scan again in alert only mode.
- Review the scan results and if necessary, update the exclusions list.
- When all false positives have been addressed, edit the Datto Antivirus policy:
  - In the Real-time Protection Scan section, click the Enable Real-time Protection Scans toggle to enable it.
  - In the Scheduled File Scan Settings section, under Alert Action, click the Alert-Only Action on Detection toggle to disable it.
  - In the upper-right corner, click Save.
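Before pasting entries into Exclude Folders or Exclude Files, the list can be checked against the rules given in the steps above (full path, one path per line). The following is an added example, not part of Datto AV or its documentation: the function name, the drive-letter-only check, and the MIN_FOLDER_DEPTH threshold for flagging overly broad folder exclusions are assumptions made for this illustration.

```python
import ntpath

# Assumed review threshold, not a Datto AV rule: folder exclusions with fewer
# than this many components below the drive root are flagged as too broad.
MIN_FOLDER_DEPTH = 2


def check_exclusions(text, kind):
    """Check a pasted exclusion list; kind is "folder" or "file".

    Returns (accepted, findings); each finding is (line_no, entry, reason).
    """
    accepted, findings, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        reason = None
        drive, tail = ntpath.splitdrive(entry)
        # Normalize so "..", "/" and trailing separators cannot hide the real target.
        path = ntpath.normpath(entry)
        parts = [p for p in ntpath.splitdrive(path)[1].split("\\") if p]
        if len(drive) != 2 or not drive[0].isalpha() or not tail.startswith(("\\", "/")):
            reason = "not a full path (drive letter and root required)"
        elif ":" in tail:
            reason = "more than one path on the line"
        elif kind == "file" and (not parts or entry.endswith(("\\", "/"))):
            reason = "looks like a folder, not a file"
        elif kind == "folder" and len(parts) < MIN_FOLDER_DEPTH:
            reason = "folder exclusion is too broad"
        elif path.lower() in seen:  # Windows paths are case-insensitive
            reason = "duplicate entry"
        if reason:
            findings.append((line_no, entry, reason))
        else:
            seen.add(path.lower())
            accepted.append(path)
    return accepted, findings


# Constructed sample input; only the first path comes from the page's example.
SAMPLE_FOLDERS = r"""c:\temp\test
C:\Temp\Test\
temp\cache
c:\
c:\build\out; c:\build\obj
c:\apps\legacy\..\..
"""

if __name__ == "__main__":
    ok, problems = check_exclusions(SAMPLE_FOLDERS, "folder")
    print("Paste into Exclude Folders:", *ok, sep="\n  ")
    for line_no, entry, reason in problems:
        print(f"line {line_no}: {entry!r}: {reason}")
```

The last sample line shows why entries are normalized first: it reads like a deep path but resolves to the drive root.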