We have an application that is found safe from Sophos Labs Team.
How would I exclude it in Central?
I have disabled all features on the endpoint as a test and it is still detected. Excluded the process path. No luck.
Mitigation DLLHijack
Policy DLLHijackGuard
Timestamp 2024-04-25T08:10:10
Platform 10.0.22631/x64 v3 06_ba*
PID 12588
Enabled 0BF820B040000000
Silent 0080000000000000
Application C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe
Created 2024-04-24T08:13:57
Modified 2018-01-21T16:17:13
Description Snipaste 1.16.2
OUTBREAK MODE
\??\C:\Program Files\Snipaste-1.16.2-x64\MSVCR120.dll blocked from loading, loading from \??\C:\Windows\system32\ instead
Process Trace
1 C:\Program Files\Snipaste-1.16.2-x64\Snipaste.exe [12588]
2 C:\Windows\explorer.exe [11288] *
Thumbprint
59c2a25884fd69881920579a1c16d3dd987eeacf60ef10225c0a707de268bf17
Module based thumbprint (pfn-mod)
650a5519ca3fd4bdfee606715eb323173d885d2c5742de59feeb6f182134e3ac
Process based thumbprint (pfn)
c477db6f5b0ce224ce79670cf53e2806b8dbade1a802ccb762db19e4b9113445
Edit tags
[edited by: GlennSen at 7:48 AM (GMT -7) on 1 May 2024]
