Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Replies 1 reply
  • Subscribers 10 subscribers
  • Views 1426 views
  • Users 0 members are here
Options
Suggested

Global exclusions not working

Frank Schumacher

Made a copy of Threat Protection added 2 exclusions

C:\ProgramData\SolidCast\

C:\ProgramData\SolidCast\FixedVolumeFillUtility.exe

Yet every now and then we get this:

Generic ML PUA detected at C:\ProgramData\SolidCast\FixedVolumeFillUtility.exe

Threats cleaned up.

This kills the licensing and the license program must be run again



Added TAGs
[edited by: Gladys at 6:00 AM (GMT -8) on 19 Dec 2022]
Parents
  • 0

    Hi Frank,

    Thanks for reaching out to the Sophos Community Forum. 

    For ML PUA detections specifically, I would suggest sending in a sample of the detected file so that our Sophos Labs team can make changes to the ML detection engine to ensure it does not get detected again.

    In the meantime, you can add a PUA exclusion if this is a false positive

    You can also check the sub-keys in the following location to verify that all exclusions have been received successfully on the endpoint.
    - HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\

Reply
  • 0

    Hi Frank,

    Thanks for reaching out to the Sophos Community Forum. 

    For ML PUA detections specifically, I would suggest sending in a sample of the detected file so that our Sophos Labs team can make changes to the ML detection engine to ensure it does not get detected again.

    In the meantime, you can add a PUA exclusion if this is a false positive

    You can also check the sub-keys in the following location to verify that all exclusions have been received successfully on the endpoint.
    - HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\ThreatProtection\

Children
No Data