Hi,
Should I expect to get alerts in the console for a PUA?
Taking the example PsKill, it is blocked at the endpoint but I don't get an alert in the console. I can create an exception for PsKill (seems case insensitive) in the management console, but how would I know to make the exclusion without taking a call from an end user asking me why an application isn't working?
They would then need access to the QM/Logs to find the name of the detection in order for me to exclude it for them.
It may also be useful to have some sort of link from the console to "Adware Security | Stop PUAs and Unauthorized Programs | Sophos" for proactive adding of exceptions and for checking names. That being said, ideally a Labs API could be queried to perform a lookup of a given name from within the page, and bring back some basic info, such as publisher and a short description, just to help confirm the name is correct.
Regards,
Jak