Intercept X EAP installed but Exploits succeeding in Sophos Tester!!

Ive got Intercept X EAP installed and just installed the new Sophos Tester to test my install, but lots of tests are Succeeding to exploit my pc??

Thats Ransomware EFS but lots of other tests are succeeding to exploit my pc have i got something wrong somewhere?  all my settings are enabled policy wise and i only exclude a couple of folders for games and thats all so the test shouldnt be able to exploit my machine i thought?

Also that test was with the Dummy Signed if i run the same test with Dummy unsigned Sophos blocks it properly so what would cause the signed Dummy to succeed?

Same with Dummy Signed for tests like Credential theft - Open Sam Registry, but Dummy Unsigned same test is blocked by Sophos Central??

Are other peoples EAP who run the Sophos Tester getting similar outcomes?