Potentially Unwanted Application (PUA) is a term used to describe applications that, while not malicious, are generally considered unsuitable for business networks.
As the volume of previously unseen PUAs increases, the methods of detecting them have to evolve. A Generic ML PUA detection is generated by Sophos Intercept X's Machine Learning (ML) engine, also referred to by the name of our specific approach, Deep Learning, and is designed to detect PUAs in PE (Portable Executable) files, such as:
If a detection of this type has been received, it is because Sophos has detected a file on the computer that our Deep Learning threat model has classified as a PUA. This is a pre-execution detection, meaning the file was detected before it was able to run.
Applies to the following Sophos products and versions: Central Intercept X 11.5.6
The major PUA classifications are:
Note: Certain applications that fall into the PUA category may be considered useful by some users.
In most cases there is nothing to do: the detected file and related components will already have been removed automatically from the computer. If a user wants to run this PUA, this can be done through the Sophos Central Admin console. Locate the alert for the detection on the device and select Allow from the options. Doing this will restore the application and stop it from being detected again.
Important: Only allow detections if you are sure it is safe to do so. To help determine whether something is safe, please see: How to investigate and resolve a potential False Positive / Incorrect Detection