Adware and PUAs list in empty

Question

Hi there, 
 
 Last friday I have installed Sophos Endpoint protection 5.5 according best practices etc. 
 The updates has been installed and I have succesfully protect a test computer.

Within the Sophos Enterprise Console I want to configure the Anti-virus and HIPS policy . If you open the ' Default ' policy and then go to ' Authorization ' and then go to for example the TAB 'Adware and PUA's' or 'Suspicious Behavior' I see that the KNOWN Applications list is empty . 
 For what I know Sophos will deliver a list with application and that I can select which applications I want to authorize. 
 
 In my old environment (5.2.1) I see that the list is full with known applications. 
 
 Is there a way that the list will be automatically be filled?

QC · Answer

Hello evulopah , 
 I see nobody has answered yet (and I have been off-net). By default the Known adware and PUAs list is empty. The list is populated with the detections reported by endpoints - it's not like Application Control where you can proactively permit certain applications. Detections for applications are generic, they are supposed to detect an application irrespective of its version or specific incarnation of its executable. In contrast Authorization applies to a specific file - you can for example have many setup.exe s belonging to the same PUA, authorizing one of them neither authorizes all the others nor permits the specific PUA generally. 
 If you did not preserve and migrate the database, i.e. you did a fresh install, the alerts required for Authorize aren't present. Unfortunately - due to the database design - one can not export/import the alerts of interest. 
 Christian