Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 6802 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X is blocking IO of the Calibre Library but not reporting. How do I except?

FoW

Calibre Library is book management software. https://calibre-ebook.com/

False positive is reported. Sophos saying "I'll investigate the logs"

Anyway, I 've already tried to exclusion. But It does not except. Here for the my exclusion list screenshots.

How do I except for Calibre Library? Any advice please?



This thread was automatically locked due to age.
Parents
  • 0

    Hi FoW, 

    It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support. 

    What is the name of the detection?

    You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help supported wildcards and expansion variables.)

    If it detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection> Policies> Select the threat protection policy applicable on the machine> Exclusions> Add Exclusion. 

    Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.

Reply
  • 0

    Hi FoW, 

    It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support. 

    What is the name of the detection?

    You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help supported wildcards and expansion variables.)

    If it detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection> Policies> Select the threat protection policy applicable on the machine> Exclusions> Add Exclusion. 

    Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.

Children
  • 0 in reply to Yashraj S

     What is the name of the detection? 

    Not detection. Just blocked deletion process of the Calibre Library. After turing off the “Anti-Ransomware detect” option, the Calibre Library is works normally.

    You can try excluding the process of Calibre Library and check if that helps.

    Yes. I was tried ten or more times. This ways is NOT working. Did you check my screenshot?

    Thanks.

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?