Hi ALL,
After deploying Sophos Endpoint 9.5 to the client PCs, I am getting a headache because lots of software (either .exe or .dll files) is blocked by the detection functions for "Suspicious Behavior", "Suspicious Files", "Adware and PUAs" and "Buffer Overflow"... lots of programs cannot be opened properly, in different cases! In ALL of these cases, the individual file (either .exe or .dll) is detected and listed in the "Suspicious Files" and "Suspicious Behavior" tabs.
I am not sure whether the Sophos AV & HIPS engine is over-sensitive... but what I find annoying is that the found files ONLY show the file name with some version info, BUT not the file path. I have no idea how to handle the files or where they are; they are just shown in the window list. Below are the points that I find confusing and annoying:
1/ The engine detects lots of files... even normal program files like Foxmail, updater exes, 3ds Max's DLLs...
2/ Why does the window just show the file name without the path? Dozens of file names on the list, or even over one hundred, are totally useless... does Sophos expect the admin to know which file should be authorized from a file name ONLY??
3/ To prevent further impact, I added settings to exclude all .dll files from on-access scanning (excluded extensions & Windows exclusions) and from scheduled scanning, but that does not seem to work...
4/ I set up a separate profile with different AV & HIPS policies for each location (HK, China, ...), but the found-file lists in Suspicious Behavior / Suspicious Files / Adware and PUAs / Buffer Overflow are shared among ALL profiles... why not separate them so that they indicate which zone actually found the suspicious files?
Has anyone else found this issue? Or can anyone provide suggestions / advice to prevent further impact? Thanks in advance!!
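The practical problem in point 2/ of the post, turning a detection that reports only a file name into an actual path you can act on, can be handled outside the console. The script below is an added example, not from the original post or from Sophos: it walks a directory tree for files whose name matches a list of detected names and reports each candidate's full path and SHA-256, so that a specific file can be authorized (or submitted for analysis) rather than excluding every .dll as in point 3/. The directory tree and the detected names (`updater.exe`, `render.dll`, `missing.dll`) are constructed for the demo; on a real client you would point `find_candidates` at the system drive.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Names copied from an alert list that shows file names only (constructed sample,
# not real Sophos output). "missing.dll" is included to show the no-match case.
DETECTED_NAMES = ["updater.exe", "render.dll", "missing.dll"]


def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_candidates(root, names):
    """Walk `root` and map each detected name to every file whose name matches it
    (case-insensitively, since NTFS is case-insensitive), with path and SHA-256.

    One name can match several files on disk (two installs of the same program,
    a stray copy in Downloads), which is why a name-only alert is not enough to
    decide what to authorize; the hashes tell the copies apart.
    """
    wanted = {n.lower(): n for n in names}
    hits = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            original = wanted.get(fname.lower())
            if original is None:
                continue
            path = Path(dirpath) / fname
            try:
                hits[original].append((str(path), sha256_of(path)))
            except OSError:
                # Locked or unreadable file: skip it rather than abort the sweep.
                continue
    for entries in hits.values():
        entries.sort()  # deterministic order regardless of os.walk traversal
    return hits


def build_sample_tree(base: Path) -> Path:
    """Create a constructed directory tree that mimics two same-named program
    files in different places, one DLL, and one file that is not on the list."""
    app = base / "Program Files" / "AppA"
    downloads = base / "Users" / "alice" / "Downloads"
    app.mkdir(parents=True)
    downloads.mkdir(parents=True)
    (app / "updater.exe").write_bytes(b"MZ-build-1")
    (downloads / "updater.exe").write_bytes(b"MZ-build-2")
    (app / "render.dll").write_bytes(b"MZ-dll")
    (app / "readme.txt").write_bytes(b"not a detected name")
    return base


def demo():
    """Build the sample tree in a temp dir and resolve DETECTED_NAMES against it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp))
        return find_candidates(root, DETECTED_NAMES)


if __name__ == "__main__":
    for name, entries in demo().items():
        print(f"{name}: {len(entries)} candidate(s)")
        for path, digest in entries:
            print(f"  {path}  sha256={digest}")
```

Run it as-is to see the two `updater.exe` copies reported with different hashes and `missing.dll` with no candidates; in production, replace `demo()` with a call such as `find_candidates(r"C:\", names_from_console)` and compare the hashes against the vendor's published build before authorizing anything.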