We are having issues with CryptoGuard false positives involving Juniper "Host Checker" and Juniper "Pulse Secure - dsCCProc".
Both of these processes reside in the user profile, in folders that are redirected onto a network share (\\domain\shares\appdata\username\appdata\roaming\juniper networks\host checker\).
Every time that an RCA is created, the originating process is different (usually explorer, iexplorer, outlook), the files involved in the RCA are different, and the thumbprint of the detection is different.
I have created an Exploit Mitigation Exclusion for the above processes, but this has not resolved the issue.
I have also excluded the parent folder from real-time scanning via a global exclusion, but this has also not resolved the issue.
I have a ticket open with Sophos, but we have not made any progress on it yet, and I have not been able to connect the detection with a specific action as of yet.
Has anyone run into similar issues, and, if so, do you have any suggestions on resolving the alerts?
Thanks