Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 1662 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Endpoint Detection Exclusion Query

ptho

Hi Sophos,

We are receiving what we believe to be false positives with a piece of software at use in our ogranisation.

This software is triggering an event on the affected device for 'DynamicShellcode'.

I understand that I can go to this device's Events history, and 'Exclude this Detection ID from checking'.

I'd like to clarify what this means; does 'Detection ID' refer to this specific app on this specific device? Does adding this exception here, which adds it as a global exception, mean that all DynamicShellcode exploits are exempt from checks?

Thank you.



This thread was automatically locked due to age.
  • 0

    Hi  ,

    Thank you for reaching out to the Sophos Community Forum.

    Have you had a chance to read through the following document? This specific action is explained here.

    Stop detecting an exploit

    Exclude this Detection ID from checking. prevents this detection on this application. It adds an exclusion for the Detection ID associated with this specific detection. If the same behavior occurs again on your estate, this doesn't trigger a detection. However, if the behavior is different, for example different paths or files, the Detection ID is different and requires a separate exclusion.

    I'd also suggest submitting the sample file to our SophosLabs so they can further analyze the application and apply modifications if needed. You can do this by going to our Sample Submissions Portal.

     

    Gladys Reyes
    Global Community Support Engineer
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Gladys

    Hi, thanks for the KB article. I did submit it to Sophos but I never receieved any acknowledgement or reply. Do they typically respond to submission requests?

Unfiltered HTML
Help Us Improve The Community
Unfiltered HTML