Machine Learning:
Intercept X for Server includes a deep learning model to detect malware. Malware is detected by the model pre-execution and blocked. The detection results in a local notification on the Server and an event in the Sophos Central console. Detections from the machine learning model are shown as ML/PE-A (Machine Learning/Portable Executable; the "A" denotes the current machine learning model and may change in the future).
From the detection event in Sophos Central the administrator can 'Allow' the application if this is a False Positive detection.
An RCA should be generated to assist the administrator in understanding if this is a possible false positive.
Machine Learning Potentially Unwanted Applications (PUA):
Intercept X for Server includes a deep learning model to detect potentially unwanted applications. The detection behaviour is identical to that of the machine learning malware detection. PUAs tend to be 'commercial software' used for advertising, toolbars, spyware, and device monitoring. These applications are rarely wanted by administrators or end users, but they are not quite considered malicious in themselves.
PUAs are identified as "Generic ML PUA".
From the detection event the administrator can 'Allow' the application if this is a False Positive detection.
False Positive Suppression:
Intercept X for Server includes a new global policy "Allowed Applications".
When Intercept X for Server detects and blocks malware, or potentially unwanted applications, an event is generated. From the event notification in Sophos Central the administrator can choose to allow the application. This will add it to the global allowed application policy and restore the application on affected endpoints.