Allow files downloaded from specific website or product name from such executable

Question

Hello, 
 A client of ours has to download updates from their ERP software regularly and recently Sophos Endpoint has began flagging it as a PUA, we allowed the hash on the global exclusions, but as we know, each update would have a different hash. 
 Is there a way a can allow downloads from the website provided by the supplier to download the updates, or check the product name on the file proprieties, so it wont be scanned and consequently blocked?

Maxim-Sophos · Answer

As explained here , you can exclude PUAs by path (directory in which the app is installed/run) or certificate (the vendor certificate used to sign the application). One of these might be better suited to your needs than excluding the hash. I am not aware of any way to allow applications to run based on the source URL.