Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 15 subscribers
  • Views 1908 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Policy exclusion vs global exclusion. Both ways, exe´s deleted

Arturo Carrillo

Hi, maybe i´m setting something wrong, but i hope can you help me.

I made exclusions on threat protection in Policy Exclusions and Global Exclusions. I need to exclude folders that contains an ERP files.

Sophos detect false positives in that ERP files. Therefore the files are deleted.

I tried set first Policy Exclusions  and then the Global Exclusions but both of them doesn´t work in my Sophos Central.

Anyway the .exe filies are removing.

I share the screenshots with the configuration in Sophos Central.

I´ll be grateful if you help me.

Best Regards.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Arturo,

    Thank you for raising this, What I can suggest to you here is to raise a Labs request through our sample submission portal if this file is a legitimate file that your organization uses to exclude this from being detected. Ensure to provide all necessary details like the file with the detection and its detection name. Share as well the description of this application and its file path. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • 0

    Hi Arturo,

    Thank you for raising this, What I can suggest to you here is to raise a Labs request through our sample submission portal if this file is a legitimate file that your organization uses to exclude this from being detected. Ensure to provide all necessary details like the file with the detection and its detection name. Share as well the description of this application and its file path. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
  • 0 in reply to GlennSen

    Hi GlennSen

    My apologize for my late response.

    These files are legitimate. They are .exe that works in our ERP.  The ERP is named Dominiom BI.

    The executable files are developments by us.

    In these days as a choice i added the paths in allowed applications from global settings like this (C:\DominioM BI\*.exe). My common sense was add an asterisk before .exe aims to recognize all the executables in that folder.

    However sophos detects ML/PE and PUA´s in that path and begin clean that "threats".

    I´ll raise a Labs request this files as soon as possible because i cannot install sophos in this production server till solve this issue.

    Best regards.

Unfiltered HTML