Setting FalsePositive as exceptions?

We are running Sophos 10 EndPoint using the Enterprise Console 5.1.

For computers that are infected to where Sophos cannot remove the infection, we also use tools like ComboFix, RogueKiller, Malware Bytes, etc. Sophos has flagged some of these as viruses themselves, for example, ComboFix. I have modified our AV/HIPS policy to have ComboFix as an Excluded PUA. It was rather easy as the exe was on the list. However, a new one that was just found today was RogueKiller. The downloaded exe is being flagged as a virus, causing user panic.

This is a false positive that I would like to exclude. However, unlike ComboFix, it does NOT show up on the 'Known adware and PUAs' list. Is there any way to add it? Is this something Sophos updates depending on what infections it finds in our environment? How do I go about excluding this?

Thanks!



This thread was automatically locked due to age.
  • Hello jnick,

    I'm not familiar with the details of a PUA classification (I'm not Sophos BTW). If it is clean then it will no longer be considered a virus but it might end up as PUA. Submission is one way - but Sophos classify files on their own as well ;)

    Christian
