This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Disable automatic cleanup of PUA

Hey there.

I know this question has been asked a few years back, but i hope there is an update to this.

I deployed Sophos CIXA on my PC and it started automatically deleting some of my trusted software i use as a network technician.

The files are marked as PUA and therefore automatically cleaned up. i don´t really want to exclude this software from scans.

Is there an option i missed to change automatic cleanup of PUA to "ask first" or be it "quarantine" ?

Thanks in advance for an answer :)



This thread was automatically locked due to age.
Parents
  • Hi Lukas_lzs,

    Thanks for reaching out to the Sophos Community Forum. 

    It's not currently possible to prevent the automatic cleanup of PUA's. Additional information on remediation options can be found at the following link. 
    - Threat Protection Policy > Remediation

    I'd suggest creating a new Threat Protection policy for devices which will require access to these admin tools. You'll need to create an exclusion of the type "Potentially Unwanted Application (Windows/Mac)". The name you see referenced in the detection event will also be important, as this needs to be populated into the exclusion UI. 

    For example, in the following detection, you will need to enter "PsExec" as opposed to the path or exe name. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Thanks for the fast reply. 
    Although i had hoped for another answer, this „fixed“ the problem. 
    thanks again.

Reply Children