
Setting FalsePositive as exceptions?

We are running Sophos 10 EndPoint using the Enterprise Console 5.1.

For computers that are infected to the point where Sophos cannot remove the infection, we also use tools like ComboFix, RogueKiller, Malwarebytes, etc. Sophos has flagged some of these as viruses themselves, for example, ComboFix. I have modified our AV/HIPS policy to have ComboFix as an Excluded PUA. It was rather easy as the exe was on the list. However, a new one that was just found today was RogueKiller. The downloaded exe is being flagged as a virus, causing user panic.

This is a false positive that I would like to exclude. However, unlike ComboFix, it does NOT show up on the "Known adware and PUAs" list. Is there any way to add it? Is this something Sophos updates depending on what infections it finds in our environment? How do I go about excluding this?

Thanks!



This thread was automatically locked due to age.
  • Christian,

    Thank you for the information. I have submitted the file. However, is this 'whitelist' on Sophos' end what will allow us to create exceptions in the SEC? For instance, ComboFix (NirCmd.exe) showed up under "Known Adware and PUAs". Does this mean someone submitted that file to Sophos so they can flag it for an exception? Or am I still missing something?

    Thanks!
