Endpoint Detection Exclusion Query

Hi Sophos,

We are receiving what we believe to be false positives with a piece of software at use in our ogranisation.

This software is triggering an event on the affected device for 'DynamicShellcode'.

I understand that I can go to this device's Events history, and 'Exclude this Detection ID from checking'.

I'd like to clarify what this means; does 'Detection ID' refer to this specific app on this specific device? Does adding this exception here, which adds it as a global exception, mean that all DynamicShellcode exploits are exempt from checks?

Thank you.

Added tags
[edited by: Gladys at 10:36 AM (GMT -7) on 24 Apr 2024]