Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 20079 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable PUA automatic remove.

Mat_

Hello,

 

Is there any way in Sophos Central to disable auto remove of PUA ?

I'm deploying Sophos Endpoint and I don't want Sophos to remove automaticaly some important software or file because it detects them like PUA.

 

I've already disabled malwares auto clean up, but there is no such option for PUA.

 



This thread was automatically locked due to age.
Parents
  • 0

    Two years later and this still isn't resolved. This is a serious PITA, as you don't know what gets recognized as PUA until it is removed.

    We just started rolling out Endpoint Protection via Sophos Central and I already had two cases where this breaks running applications. And to put icing on the cake out of the box you don't get a notification, unless you notice the breakage or specifically look for it.

    Is disabling Deep Learning a valid workaround?

  • 0 in reply to Marcus Bayer

    Hi  

    Disabling Deep learning is not a good idea.

    If you have the case where PUA was detected and was removed, you can allow it as the exception and that same file will not be detected as PUA in future until software update happens and you have allowed the SHA for the exception.

    Please refer to this article for what action you can take.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • 0 in reply to Jasmin

    Hello Jasmin, while I understand where this is coming from, please also understand the annoyance that I rather like to review a PUA find than have to repair and whitelist something aftterwards. We are talking about PUA after all, not malware. Why do I have the possibility to disable malware cleanup, but not PUA cleanup?

Reply
  • 0 in reply to Jasmin

    Hello Jasmin, while I understand where this is coming from, please also understand the annoyance that I rather like to review a PUA find than have to repair and whitelist something aftterwards. We are talking about PUA after all, not malware. Why do I have the possibility to disable malware cleanup, but not PUA cleanup?

Children
Unfiltered HTML