Exclude Threat Detection "TA0005 - Defense Evasion"

Question

Our SAP server&rsquo;s backup process, that is using certutil.exe, is detected as a defense evasion threat. 
 In details the detection is 
 Detection ID: WIN-EVA-PRC-CERTUTIL-DECODE-1 Command Line: certutil -decode password.b64 password.txt File Path: C:\Windows\System32\certutil.exe Parent Command Line: C:\Windows\System32\cmd.exe /c "C:\Users\p01adm\scripts\backup_db.cmd P01 tlog Y:\sapbackup > backup_tlog.log 2 >&1!" Mitre Tactics: TA0005 Defense Evasion T1140 Deobfuscate/Decode Files or Information 
 I've tried to exclude certutil.exe with an exclusion in the Threat Protection device policy, but it not works. 
 How can I disable this detection? 
 Thanks.

Maxim-Sophos · Answer

The exclusions in Threat Protection policy will not suppress EDR/XDR detections. We expect to allow customer suppression of detections in the first quarter of the new year. (As always, roadmaps are subject to change.) In the meantime, I will pass this info along to our detections team to determine whether a global suppression or change to the rule is warranted in this case.