Disclaimer: This information is posted as-is and the content should be referenced at your own risk.
This article describes how to exclude applications from CryptoGuard functionality in Sophos Central or Sophos Enterprise Console.
Exclusions can be made in both consoles following a CryptoGuard detection on the affected application. If you are encountering an issue where there is no detection, such as a performance issue or an application crashing, please contact Sophos Support for further assistance.
Please note: Sophos does not suggest excluding any applications from any of our protection methods unless the application is fully trusted by the customer. Customers excluding applications do so at their own risk. If you are at all unsure about whether you trust the application mentioned in the detection or the behaviour that is occurring at the time of the alert, please contact Sophos Support for further assistance.
For further information on exclusion methods for exploit mitigation, please see this article.
Applies to the following Sophos products and versions: Sophos Central Admin; Enterprise Console 5.5.1; Central Endpoint Intercept X 2.0.14; Exploit Prevention; Central Server Intercept X 2.0.8.
Please note that CryptoGuard exclusions in Sophos Central are applied to your whole estate once they are saved.
The method below works for CryptoGuard detections where a process is indicated as the cause (for example, C:\Users\Administrator\Desktop\application.exe). If you see a detection with an IP address (for example, 192.168.0.1), please contact Sophos Support for further assistance.
Within Sophos Central any CryptoGuard detection is reported in the following ways:
You can exclude the detection using any of these events:
The method below works for CryptoGuard detections where a process is indicated as the cause (for example, C:\Users\Administrator\Desktop\application.exe). If you see a detection with an IP address (for example, 192.168.0.1), please contact Sophos Support for further assistance.
Within Sophos Enterprise Console any CryptoGuard detection is reported in the following ways:
To exclude an application from CryptoGuard you can follow the below steps: