Why sophos end point detected Abby findreader as ransomeware?

Hi,

Can you paste the full description from the Application Event log entry (event id 911)?

Regards,

Jak

Hi Jak,

Thanks for responding. Attached is the info required.

5100.event log.txt

Hi Jack M 

Please try excluding this application in the Central Admin by navigating to Global Settings > Global Scanning Exclusions > Add Exclusions > Detected Exploits (Windows) and selecting the cryptoguard detection. This should exclude the application from being detected as ransomware.

You can also submit the file to Sophos Labs for reevaluation, please refer to the article Sophos Anti-Virus: "false positives" and "unwanted detections" and look for the topic "Submitting suspicious files, unwanted detections, and false positives"(the last topic in the article). 

Hi Jack M 

Please try excluding this application in the Central Admin by navigating to Global Settings > Global Scanning Exclusions > Add Exclusions > Detected Exploits (Windows) and selecting the cryptoguard detection. This should exclude the application from being detected as ransomware.

You can also submit the file to Sophos Labs for reevaluation, please refer to the article Sophos Anti-Virus: "false positives" and "unwanted detections" and look for the topic "Submitting suspicious files, unwanted detections, and false positives"(the last topic in the article).