I am developing a website in ASP.Net Core 2.2 Using Visual Studio 2017. When I compile the site, Sophos Endpoint steps in and deletes the file I just created, calling it a potential PUA.
Why would Sophos Endpoint think that I don't want my own code? How could my own program, that I just wrote, be considered "unwanted"? No, it is not a PUA, nor a virus.
Is there any way to permanently fix Sophos Endpoint so freshly compiled code isn't considered a PUA?
No, I don't want to bother IT about this...AGAIN. It needs to be fixed, and that's on you.
How can we make this happen so it won't ever be any issue again?
Hello there, You can allow this PUA on your device by adding exclusions to it to avoid getting detected again. You may refer to this documentation for the steps. If your device is managed by your IT team then you need to reach with them as well as they are the ones who can perform these steps.
It needs to be part of the base code. If a user creates a dll, it is a fundamentally different act than installing one. It must be handled by the AV in a completely different way.
This should have been a deal killer for any code you wrote. If I create a DLL, it's not a virus. Period. It should not be treated as one.
How do we change Sophos' design philosophy to reflect this?
Hello Jim Oliver,
first of all, this sounds like Intercept X and not the on-premise version. Intercept X is part of Central, its name implies a centralized concept You can't make permanent adjustments without bothering IT. Consequently unwanted is as seen from central administration, not an individual user.
Even considering a "personal" AV your assessment and assumptions are at least partially wrong.my own code - how should AV know that you is really you and that your code is indeed your code?If I create a DLL, it's not a virus - how do you know? There's more than one way to sneak rogue code into a project. Consequently freshly compiled code is not necessarily cleanIf a user creates a dll, it is a fundamentally different act than installing one - apart from the inaccuracy that you don't install a DLL but at best register it, where's the fundamental difference? Or do you mean running code from the DLL?a user creates - already outlined above, (more or less "classic") AV can't tell who or what creates a file, nor can it ascertain the intent of the creation
There's nothing that needs to be fixed, at least not on the AV's side - it has to be wary. You might want to read Sophos Central: Investigate and resolve a potential false positive or incorrect detection.