How to deal with false positive reports of Lockdown malicious behavior?

I often get pop-up notifications from Sophos Endpoint stating "'Lockdown' malicious behavior prevented in DotNetBrowser Chromium Native Process" when trying to run legitimate programs. How do I isolate the cause and prevent the behavior from being blocked in the future?



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    There seems to be some confusion in this thread. 

    Are you getting a SERVER LOCKDOWN alert?

    If so, then you need to exclude the application in the server lockdown policy. Lockdown only lets the current configuration run and nothing else - there is no "detection" or logs because the idea is that the server is locked into a specific running state and it can't be altered so there is nothing more for you to do - the item was prevented from running and Lockdown did its job.

     

    Please clarify the exact alert you are getting.
