Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 10 subscribers
  • Views 2196 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Process flagged as randsomware

Jon Airey

We have several applications (console/web/service) that share some code to encrypt/decrypt files. Sophos intermittently flags this as Randsomeware whether it be form the host running the application or the file server. We have tried whitelisting the process names but still do see blocking issues. 

 

Wonding if there is some way to embed some meta data into the processes that Sophos can read and we can whitelist this on our end. Does anyone who if something like this is possible?



This thread was automatically locked due to age.
  • +1

    Hi Jon,

    You should be able to exclude applications that have already been detected, there isn't currently a way to exclude items in advance of a detection. 

    You can report false positives as detailed here: https://community.sophos.com/kb/en-us/125439 

    Otherwise excluding this application in the Central Admin by navigating to System Settings > Global Scanning Exclusions > Add Exclusions > Detected Exploits (Windows) and selecting the cryptoguard detection

    Regards,

    Stephen

Unfiltered HTML