This discussion has been locked.

Global folder exclusions and PUA's

We are rolling out Sophos on our servers.

One server holds the software repository with company software installers and a lot of tooling for us sysadmins.

As one can guess, Sophos detects several PUAs, like Nirsoft apps, TightVNC, and so on.

We and Sophos seem to have a disagreement about what a PUA is.

Now I excluded the drive:\path where those tool apps reside in a custom Threat protection policy, and still I cannot access the files and new PUA alerts are generated.
I did a lot of searching, but cannot confirm that PUAs and folder exclusions are two different things, which it seems to be.
Also, excluding a single PUA every time is not an option. So if I can't solve this, Sophos cannot run on that server.

I want Sophos to leave that drive:\folder alone and not detect anything.
The share is used by sysadmins and everything put there has already been scanned by clients.

How can I solve this?

Regards,

Han



  • Hi ,

    Thank you for reaching out to the Community. Generally, you’ll need to allow each of the PUA detections if you wish to allow those applications to run in your environment. More details on resolving PUAs in this article. You can also see what PUAs have been allowed under "Global Settings > Allowed Applications". On this page, you can choose to "Add apps by path". You may also try creating exclusions using wildcards or variables and see if it helps.

