Whitelisting a program via Global Scanning Exclusions in Sophos Central?

Did you ever get this resolved?

We're having the exact same issue and have done exactly as you mentioned above, however continue to receive the alert! (added both the file path and executable)

I saw posts back from 2016, stating this was a "bug" and would be resolved in the next update/release, however appears this has yet to be resolved.

Did you ever get this resolved?

We're having the exact same issue and have done exactly as you mentioned above, however continue to receive the alert! (added both the file path and executable)

I saw posts back from 2016, stating this was a "bug" and would be resolved in the next update/release, however appears this has yet to be resolved.

no, the Sophos whitelisting once something has shown up in their severely broken Cryptoguard, is visible and whitelistable, but still crashes draftsight.

Hello James Dedrickson,

the Intercept X forum is perhaps the also a good place for this question.
Anyway, CryptoGuard doesn't use the AV scanning engine and thus scanning exclusions don't apply. AFAIK you can't authorize a detection and excluding a process would defeat the purpose of CryptoGuard (think of process hijacking). I you haven't already done so please see also CryptoGuard detections and required actions (which includes a link on How to report false positives).

Christian

KB125439 explicitly says to "exclude the detected exploit either Globally or per Policy to prevent the detection." Is this not a way to exclude files from being caught by CryptoGuard?

Hello gdriggs,

I have neither Central nor Intercept X, but when I see a me too to an unanswered question for a topic I'm not completely unfamiliar with I try to be of help and at least get the enquirer on the right track.
You're right about 125439, but I'm not sure whether it's correct regarding a CryptoGuard detection as it says the detected exploit (emphasis mine). It might simply be unfortunate wording or it might be wrong. Nevertheless I'm pretty sure that File or folder exclusions do not apply. There's a short Detected Exploits (Windows) paragraph and iff(sic!) 125439 is correct then it's only by using the mentioned drop-down that you could exclude the ransomware FP. If it's not in the drop-down ... well, maybe it's me who's right.

Christian