Our client software has triggered a Sophos Endpoint warning as being of low reputation. Knowing that the file is not malware, how do I trace why the file was flagged in this manner, and get it corrected, so as to not worry my customers?
Hi Michael Gorman
Download Reputation is a feature that checks files downloaded from some internet browsers against a database of files held in SophosLabs. Please check this article for more information about this feature and see if it helps. As suggested, you can submit the file to our Sophos Labs if you require any in-depth investigation.
I read those articles prior to posting, not helpful in this case. I have submitted to the labs, so hopefully, I can get some answers there. That said, this file has only existed a very short time, this release was cut a few weeks ago, and there probably aren't 100 copies out there. The message also indicated where it came from, which was Github, could that be why it was flagged? Not the file, but the download location? And if that is true, is all of Github flagged? That would seem pretty extreme, though I could see how algorithms could end up there, with as much garbage as is out there.