Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 3817 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept-X Early Access - Reporting False Hits

Jeff Falk

I have a small set of endpoints using the early access Intercept-X release.  Recently, I have started receiving hits regarding the OSSEC client running on a few of these systems.  What is the preferred route to report this issue?



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    This below article details how to raise issues for potential false positives with Intercept X, along with the available workarounds. Note that some detection will appear as legitimate files. Perform the instructions below to acknowledge alerts or exclude detected exploits ONLY if the files are assured to be valid.

    Note: Excluding the detection could put the system at risk if the detection is valid, so be fully aware of this risk. This should only be a temporary workaround and not a fix.

    Refer: Intercept X: How to report false positives

Reply
  • 0

    Hi  

    This below article details how to raise issues for potential false positives with Intercept X, along with the available workarounds. Note that some detection will appear as legitimate files. Perform the instructions below to acknowledge alerts or exclude detected exploits ONLY if the files are assured to be valid.

    Note: Excluding the detection could put the system at risk if the detection is valid, so be fully aware of this risk. This should only be a temporary workaround and not a fix.

    Refer: Intercept X: How to report false positives

Children
No Data
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?