Disclaimer: This information is posted as-is and the content should be referenced at your own risk
This article describes how to exclude an application from Exploit mitigations on the below platforms:
We will cover how to exclude 'known' applications (applications that the Sophos Endpoint detects as installed business applications) and 'unknown' applications (applications that are not categorised by the Sophos Endpoint as business applications but may still require exclusion).
Please note: Sophos does not suggest excluding any applications from any of our protection methods unless the application is fully trusted by the customer. Customers excluding applications do so at their own risk.
For further information on exclusions methods for Cryptoguard please see this article.
The following sections are covered:
Applies to the following Sophos products and versionsSophos Central AdminEnterprise Console 5.5.1Central Endpoint Intercept X 2.0.14Exploit PreventionCentral Server Intercept X 2.0.8
This method can be used to exclude a particular application in the Enterprise Console after a detection has been raised against it.
This method will add an exclusion for the Thumbprint associated with this particular detection. If the exact same behaviour occurs again on your estate then this will not trigger a detection.
However anything that changes the behaviour in some way (different paths involved, different files involved, different application, etc) will change the Thumbprint and will therefore require a separate exclusion.
This method is useful if you have an application that either reports a large number of unexpected exploit mitigation detections or suffers from performance issues when the exploit mitigation functionality is active.
This is also the only method of exclusion available to customers running Enterprise Console 5.5.0.
Currently within the Sophos Enterprise Console there is no way of excluding unknown applications. Please contact Sophos Support if you require assistance in this scenario.
Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your idea!