The alert only behavioral rule in Sophos Endpoint Security and Control warns of files that are suspected to be malicious. However, as the identification has not been confirmed by a precise virus identity, the files are not automatically prevented from running or are automatically deleted. This only happens in alert only mode, and the suspicious file will be blocked in other modes.
Applies to the following Sophos product(s) and version(s) Sophos Endpoint Security and Control 10.8.4
If you believe the file to be legitimate, or you are not sure, kindly send a sample of it directly to our Labs team.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable for us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.