Global folder exclusions and PUA's

Question

We are rolling out Sophos on our servers. 
 One server holds the software repository with company software installers and a lot of tooling for us sysadmins. 
 As one can guess, Sophos detects several PUA's, like Nirsoft apps, TightVNC, a.s.o. 
 We and Sophos seem to have a disagreement in what is a PUA. 
 Now I excluded the drive:\path where those tool apps reside in a custom Threat protection policy and still I cannot access the files and new POA alerts are generated. I did a lot of searching, but cannot confirm that PUA's and folder exclusions are two different things, what is seems to be. Also, excluding a single PUA every time is not an option. So if I can't solve this, Sophos cannot run on that server. 
 I want Sophos to leave that drive:\folder alone and not detect anything. The share is used by sysadmins and everything put there has already been scanned by clients. 
 How can I solve this? 
 Regards, 
 Han

Han Vroon · Accepted Answer

Finally, the backup ran without PUA alerts. Unfortunately I ended adding two exclusions at once, so I don't know which one did the trick: File or folder exclusion: \Device\HarddiskVolumeShadowCopy??\Misc\ Allowed application: \Device\HarddiskVolumeShadowCopy??\Misc\ 
 Problem solved.

Gladys · Answer

Hi Han Vroon , Thank you for reaching out to the Community. Generally, you&rsquo;ll need to allow each of the PUA detections if you wish to allow those applications to run in your environment. More details on resolving PUAs in this article . You can also see what PUAs have been allowed under "Global Settings > Allowed Applications". On this page, you can choose to "Add apps by path", you may also try creating exclusions using wildcards or variables and see if it helps.

Global folder exclusions and PUA's

Top Replies