
PUA files download

Dear development team,

A PUA has been detected, but the filename or hash does not provide details.

I want to restore the file to check the details, but I cannot restore it unless I allow it from the event on the device management screen.

It is dangerous to suddenly allow PUAs whose details are unknown, so we need a function to download files.

Best regards,



This thread was automatically locked due to age.
  • Hi ,

    Thank you for reaching out to the Sophos Community Forum. If you need to review the details of a detected PUA, and you have an Intercept X or Intercept X Advanced with XDR license, you may check if there's a threat graph.

    In Sophos Central, go to Threat Analysis Center. If there's an associated threat graph with the detected PUA, it'll show the details including any activity it has performed and whether there are other suspicious files or processes to investigate.

    If you need more information regarding the Threat Graph analysis, you may also refer to this article.

    I hope this helps.

  • Hi Gladys,

    Thank you for your reply.

    Unfortunately, there is no threat graph for detected PUAs.

    Regards,

  • Hello,

    Thank you for the update. In Sophos Central, you may also look at Overview > Threat Analysis Center > Detections. You'll then see the list of detections; click the arrow to see more information.

    If the details that you need are still not present here, I recommend creating a case on our Support Portal so the team can further assist - https://support.sophos.com/support/s/?language=en_US#t=AllTab&sort=relevancy. You may also call the hotline number listed on the same site under "For Critical Cases", if urgent assistance is needed. If you end up doing so, I also suggest turning on the Remote Assistance option in Central. Go to: Account Details > Sophos Support > turn on Remote Assistance.

  • Hi Gladys,

    Thanks for the additional information.
    Unfortunately, my Threat Analysis Center does not have a Detections screen.
    Of course, I have checked with the Sophos Support team and requested the feature.
    I appreciate your kindness, and I will be in touch with you shortly.

  • Hi Gladys,

    I checked with the Sophos Support team and they said that Threat Analysis Center > Detections is not available with my license.

    Thanks,

  • Hi ,

    Thank you for the update. In that case, if you really need to have that function available for you, you may reach out to your Sophos Account Manager regarding license upgrades.

    If you need assistance finding out who your Account Manager is, kindly send me a private message so I can share more details. Thank you.