Sophos Intercept X and Sophos Exploit Prevention protect your machines against malicious software or active adversaries using known exploit techniques to compromise or damage your systems and data.
Sometimes these detections can be unexpected or raised against software that you may believe to be safe or legitimate. At these times it is worth investigating the trigger for the detection and also whether there is a legitimate reason that the detection was raised.
In some of these cases it may be identified that the detection is a false positive against (for example):
The below article aims to explain the cases where we would expect detection to be raised against "trusted" software that is performing a true exploit technique and also to outline the information that Sophos Support will require to investigate your issue further.
Please refer to the below article for more information: