The Sophos Community will be unavailable from 13:00 to 18:00 UTC this Saturday, October 1st for upgrades. Stay tuned to our Twitter account @SophosSupport for updates.
This article explains Generic Potentially Unwanted Application (PUA's) detections.
Applies to the following Sophos product(s) and version(s) Sophos Endpoint Security and Control
Generic PUA detections provide users of LiveProtection with timely detection of new and updated Potentially Unwanted Applications. Detections can be cleaned, authorized, or sent to the lab to have a named detection added.
What is a Potentially Unwated Application (PUA)?
Overview of PUA.
The threat name takes the form Generic PUA - xy where xy is a two letter code, e.g. AB. This two-letter code following Generic PUA in the threat name remains constant for a given file, but will usually be different for two different files, even if they are versions of the same PUA.
These detections can be authorized. However, when specific, named detection is released, the application may need to be authorized again. To avoid any confusion we recommend de-authorizing the Generic PUA detection after the specific, named detection is released.
If you are uncertain about the nature of something detected as Generic PUA, or if specific, named detection is desired for authorization purposes, please submit a sample. Consideration will also be given to requests for reclassification of PUA detections under Application Control.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.