On-Premise Endpoint

Sophos Endpoint Software iTunes installer being blocked on Endpoints - Windows 7 clients

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 1 subscriber
Views 9050 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

iTunes installer being blocked on Endpoints - Windows 7 clients

IAMU over 10 years ago

The iTunes installer (iTunes_Setup.exe) is being blocked as a potential PUA on my endpoints (version 10.3).

I've add iTunes_Setup.exe in as a file exclusion in SEC (5.2.2), but it isn't working and it is still picked up.

Is there another way I can exlude this file from being blocked?

This thread was automatically locked due to age.

Parents

0 QC over 10 years ago

Hello IAMU,
isn't being considered a "PUA"
I beg to differ - Install Core Click Run Software is a PUA and from the analysis it doesn't look likely that the genuine iTunes installer would trigger this detection.
Anyway, the academic discussion is not productive. I've already suggested that you send a sample but apparently I couldn't convince you :smileyhappy:.
I'm a little reluctant to authorize such ...
and rightly so
but I need this file
famous last words :smileywink:
It shouldn't be flagged
right, if indeed it's coming from Apple themselves
Clearly something is not as it should be. Either it's an incorrect (false positive) detection, or the file is not coming from Apple (even if you think so), or Apple have decided to beef up the installer. Won't speculate which is the most likely (even though I did not get the alert scanning - not running - the 12.0.1 installers for Windows). The best course of action is to send a sample to Labs - please do so.
Christian
:55367
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 10 years ago

Hello IAMU,
isn't being considered a "PUA"
I beg to differ - Install Core Click Run Software is a PUA and from the analysis it doesn't look likely that the genuine iTunes installer would trigger this detection.
Anyway, the academic discussion is not productive. I've already suggested that you send a sample but apparently I couldn't convince you :smileyhappy:.
I'm a little reluctant to authorize such ...
and rightly so
but I need this file
famous last words :smileywink:
It shouldn't be flagged
right, if indeed it's coming from Apple themselves
Clearly something is not as it should be. Either it's an incorrect (false positive) detection, or the file is not coming from Apple (even if you think so), or Apple have decided to beef up the installer. Won't speculate which is the most likely (even though I did not get the alert scanning - not running - the 12.0.1 installers for Windows). The best course of action is to send a sample to Labs - please do so.
Christian
:55367
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data