Disable automatic cleanup of PUA

Hi Lukas_lzs,

Thanks for reaching out to the Sophos Community Forum. 

It's not currently possible to prevent the automatic cleanup of PUA's. Additional information on remediation options can be found at the following link. 
- Threat Protection Policy > Remediation

I'd suggest creating a new Threat Protection policy for devices which will require access to these admin tools. You'll need to create an exclusion of the type "Potentially Unwanted Application (Windows/Mac)". The name you see referenced in the detection event will also be important, as this needs to be populated into the exclusion UI. 

For example, in the following detection, you will need to enter "PsExec" as opposed to the path or exe name. 

Thanks for the fast reply. 
Although i had hoped for another answer, this „fixed“ the problem. 
thanks again.

Thanks for the fast reply. 
Although i had hoped for another answer, this „fixed“ the problem. 
thanks again.

No problem at all. 

I can see a feature request we've received for your desired behaviour to be added as an option. If you can provide me with your company details via private message, I'd be happy to add this to your account record. This helps our product teams better understand the features customers would like to see implemented.