Advisory: Sophos Endpoint "Your connection isn't private" after reboot. Policy settings can be returned to normal. See: KB-000045954 for the latest updates.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow files downloaded from specific website or product name from such executable

Hello,


A client of ours has to download updates from their ERP software regularly and recently Sophos Endpoint has began flagging it as a PUA, we allowed the hash on the global exclusions, but as we know, each update would have a different hash.

Is there a way a can allow downloads from the website provided by the supplier to download the updates, or check the product name on the file proprieties, so it wont be scanned and consequently blocked?



This thread was automatically locked due to age.
Parents
  • As explained here, you can exclude PUAs by path (directory in which the app is installed/run) or certificate (the vendor certificate used to sign the application). One of these might be better suited to your needs than excluding the hash. I am not aware of any way to allow applications to run based on the source URL.

Reply
  • As explained here, you can exclude PUAs by path (directory in which the app is installed/run) or certificate (the vendor certificate used to sign the application). One of these might be better suited to your needs than excluding the hash. I am not aware of any way to allow applications to run based on the source URL.

Children
No Data