Policy exclusion vs global exclusion. Both ways, exes deleted

Hi, maybe I'm setting something wrong, but I hope you can help me.

I made exclusions for threat protection in Policy Exclusions and Global Exclusions. I need to exclude folders that contain ERP files.

Sophos detects false positives in those ERP files. Therefore the files are deleted.

I tried setting Policy Exclusions first and then Global Exclusions, but neither of them works in my Sophos Central.

Anyway, the .exe files are being removed.

I share the screenshots with the configuration in Sophos Central.

I'll be grateful if you help me.

Best Regards.



  • Hello Arturo Carrillo,

    won't object to GlennSen's suggestion, on the contrary - submitting samples for (assumed) FPs both, if confirmed, assures that they are indeed FPs and eliminates the need for exclusions (potentially for other customers as well).

    As for exclusions (that are, as said, not the best choice of action): It's an ML detection and ML detections explained suggests to allow the application (if I understand correctly).
    Furthermore, might be my eyesight but as far as I can see the path in detection starts with X:\DominioM BI\ and this is not covered by the exclusions shown. This folder is excluded on C: only and the exclusion on X: starts with some other name. Or am I mistaken?

    Christian

  • Hello Christian

    I understand it is not best practice to add entire drives or folders to exclusions. It's only an option that I made, aiming to exclude all the .exe files as a threat.

    I added the paths in allowed applications from global settings like (C:\DominioM BI\*.exe) to recognize all the internal executable files. But the diagnostics detect ML/PE and PUAs and proceed to clean those threats.

    Because of internal processes in the ERP we have files in C:\DominioM BI, X:\Prototipo TEC\ disk drive and C:\Program Files (x86)\DominioM\.

    They are different names, so we need to exclude those three folders.

    I forgot X:\Dominiom BI_1\ but this folder doesn't matter, I'll remove that folder and start the diagnostic again.

  • FormerMember, in reply to QC

    ML does respect folder exclusions. Just make sure you have listed ALL the folders and they have the trailing \ to make sure that the endpoint knows it's a folder.
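
An added example, not part of the thread and not Sophos code: a small Python check of the two points raised in the replies, that every folder on every drive is listed and that folder entries end with a trailing backslash. The matching rules in `covers` are a simplified assumption rather than Sophos's own matching logic; the folder paths come from the thread, the file names are constructed.

```python
from ntpath import normcase, normpath, splitdrive

def _norm(path):
    # Case-insensitive, separator-normalised form without a trailing backslash.
    return normcase(normpath(path)).rstrip("\\")

def covers(entry, detected):
    """Assumed model: an entry ending in a backslash covers everything below
    that folder; an entry without it is read as one file and matches exactly."""
    e, d = _norm(entry), _norm(detected)
    return d.startswith(e + "\\") if entry.endswith("\\") else d == e

def audit(exclusions, detected):
    """Return (entries that cover the path, hints explaining near misses)."""
    hits = [e for e in exclusions if covers(e, detected)]
    hints = []
    d_drive, d_tail = splitdrive(_norm(detected))
    for e in exclusions:
        if e in hits:
            continue
        e_drive, e_tail = splitdrive(_norm(e))
        if not e.endswith("\\") and _norm(detected).startswith(_norm(e) + "\\"):
            hints.append(f"{e}: no trailing backslash, read as a file")
        elif e_drive != d_drive and (d_tail + "\\").startswith(e_tail + "\\"):
            hints.append(f"{e}: same folder, but on {e_drive.upper()} only")
    return hits, hints

# Folder paths are the ones quoted in the thread; file names are constructed.
EXCLUSIONS = [
    "C:\\DominioM BI\\",
    "X:\\Prototipo TEC\\",
    "X:\\Dominiom BI_1\\",
    "C:\\Program Files (x86)\\DominioM",  # constructed: trailing backslash left off
]
DETECTIONS = [
    "X:\\DominioM BI\\report.exe",
    "C:\\DominioM BI\\report.exe",
    "C:\\Program Files (x86)\\DominioM\\erp.exe",
]

if __name__ == "__main__":
    for path in DETECTIONS:
        hits, hints = audit(EXCLUSIONS, path)
        print(path, "->", "covered by " + hits[0] if hits else "NOT covered")
        for h in hints:
            print("   hint:", h)
```
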