Running Sophos Endpoint 9.5.
As of the recent update, we are receiving a false positive that we need to run. I have already submitted the file to Sophos and explained the issue.
The immediate issue is that the only way I can get this application to run is by stopping On-Access scanning.
When I try to run the associated application, it detects a particular file as a problem and quarantines it.
I have already tried adding the single file to the exclusion list, but it detects that file as a problem.
I then tried to add the entire directory C:\Program Files\XXX to the exclusion list, but it still detects that file as a problem.
It is detecting the file as Virus/spyware, NOT HIPS/PUA/Suspicious behavior, etc. However, that said, I added it to every list in Authorization Manager that was possible (Suspicious Files, Buffer Overflow, Suspicious Behavior, Suspicious Files).
The detection is Virus/spyware: Mal/Ponmocup-A. So I tried adding that to Adware and PUAs as well (in Authorization Manager).
I have verified that my client is updated as I can see the exclusions and settings from that level.
Any advice, or am I stuck removing Sophos until this definition gets changed in some way?
Appreciate any advice that can be offered.