
Dealing with acceptable risks and false positives

Hello

Endpoint Security and Data Control.

One of the things I think is lacking when Sophos detects a threat is the option to ask the user if they want to ignore it.

The On-access scanning options for Anti-Virus policies in the Enterprise Console do not include 'Ask me what to do'.

I live in dread of a time that Sophos might detect a false positive and quarantine it (I don't delete at all), and it turns out to be a vital system file.

Admittedly, this has not happened to me yet. However, after reading one of the threads that appeared in the Endpoint Security and Data Control forum, I feel the option to ignore is something that should be considered in future releases.

The AV software I use on my home computer never automatically quarantines/deletes anything and always displays a list of any detections and asks what should be done with them. This gives the user time to check the detections and determine if they are false positives etc.

Any opinions on this?



  • Hi, Christian

    Thanks again for your reply.

    All the 'ifs' are ticked, but I wouldn't take that route - I'm not brave enough, and Murphy's law would kick in and kapow!

    I don't have any problem with my present Sophos setup. It is configured not to clean up files, and to deny access only. Alerting is instant and I receive all email alerts at home as well as at work, so I would know pretty quickly if anything had been detected.

    I just suggested it as a consideration for the general wish-list. If others feel that it is not needed I am happy to go with the flow. Because I have not had a detection on any of our servers I have no experience of what would happen. 

    Thanks for your thoughts on this. I appreciate you taking the time to respond.

    Regards

    Mark
