Our client software has triggered a Sophos Endpoint warning as being of low reputation. Knowing that the file is not malware, how do I trace why the file was flagged in this manner, and get it corrected, so as to not worry my customers?
There is a sample submission page: FileSubmission (sophos.com). I'm not sure if you can do much with the reputation score.
Download Rep as a feature uses the IOfficeAntiVirus interface, so for the browsers that support it, e.g. Chrome, IE, at the end of the download, before the browser "gives up the file" to the user, it is an opportunity to check it. The reputation lookup is a request to the cloud to get a reputation score.
I don't know what Labs will do with the request but it's your best bet.
Hi Michael Gorman
Download Reputation is a feature that checks files downloaded from some internet browsers against a database of files held in SophosLabs. Please check this article for more information about this feature and see if it helps. As suggested, you can submit the file to our Sophos Labs if you require any in-depth investigation.
I read those articles prior to posting, not helpful in this case. I have submitted to the labs, so hopefully, I can get some answers there. That said, this file has only existed a very short time, this release was cut a few weeks ago, and there probably aren't 100 copies out there. The message also indicated where it came from, which was GitHub, could that be why it was flagged? Not the file, but the download location? And if that is true, is all of GitHub flagged? That would seem pretty extreme, though I could see how algorithms could end up there, with as much garbage as is out there.