IPS using lantowan_strict ... deselect 3-5 signatures ... gotta' be easy, right?

Running Sophos XG v16. Using IPS lantowan_strict policy with blissfully few (just 3-5) false positives. I want to deselect those 3-5 signatures to clean up the reports, so I can focus on real problems. That scenario must be super-common and deselecting those 3-5 signatures must be super-straightforward, right?

I've been at this for well over an hour with ZERO progress. Sure, there is always the possibility that I'm an idiot. I've read the documentation plus the forum articles, no help there.

Let's take a peek at a screenshot ...

Couple of things don't look right:

* My search on the term 'DNS' produced 152 matches ... but we are NOT looking at a list of those matches. We're still looking at the very top of the 7448 signatures.
* The fact that we're supposedly looking at 1-50 of the 152 matches IMPLIES there is a way to look at 51-100 of the 152 matches ... but there is no way to do so.
* Searching only seems to work if you first deselect EVERY signature.

So I am left with the conclusion that this super-common scenario (deselect a handful of signatures producing false positives) is NOT super-easy. In fact, it seems downright impossible. Or I'm an idiot.


