Having just read the post HIPS/FileMod-001 and Firefox uninstaller.exe by QC, I was wondering what the best options are regarding "false positives" (based on HIPS detection)?
What should we do?
- authorise the file ourselves
- submit the file to Sophos in case it isn't a legitimate copy, or it's not the file we believe it to be
The urgency to this would all depend on whether or not you are in alert only mode for HIPS, but could still need dealing with at some point. I personally submit anything, just in case. However, it never seems to be a case that the HIPS entry is modified at all to prevent the detection of the submitted file, though I am instructed to add the file to my authorised lists (which is fine by me).
Just wondering what other people do on their networks.
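One way to do the "is it actually the file we believe it to be" check before picking between the two options above (authorise locally, or submit to Sophos). This is an added PowerShell example, not code from the original post or from Sophos; the file path in the usage line is a placeholder, and the trusted-hash list is a hypothetical list you would maintain yourself.

```powershell
# Added triage helper (example code, not from the original post or Sophos).
# Assumes Windows PowerShell 5.1 or later and a path supplied by the caller.
function Test-HipsDetectedFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Hypothetical list of SHA256 hashes you already trust
        # (e.g. taken from the vendor's download page).
        [string[]]$KnownGoodSha256 = @()
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # Fingerprint the exact bytes that HIPS flagged.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Check the Authenticode signature: Status is Valid, NotSigned,
    # HashMismatch (tampered), UnknownError, etc.
    $sig = Get-AuthenticodeSignature -FilePath $Path

    $result = [pscustomobject]@{
        Path      = $Path
        Sha256    = $hash
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        KnownGood = ($KnownGoodSha256 -contains $hash)
        Decision  = $null
    }

    # Decision logic: authorise locally only when the binary is on your own
    # trusted-hash list, or carries a valid signature from the publisher you
    # expect; anything else goes to the vendor as a sample first.
    if ($result.KnownGood) {
        $result.Decision = 'Authorise (hash matches trusted list)'
    } elseif ($sig.Status -eq 'Valid') {
        $result.Decision = 'Check Signer is the expected publisher, then authorise'
    } else {
        $result.Decision = 'Do not authorise yet; submit the sample to Sophos'
    }

    return $result
}

# Usage (placeholder path; substitute the file named in the HIPS alert):
# Test-HipsDetectedFile -Path 'C:\path\to\uninstaller.exe' | Format-List
```

A valid signature from an unexpected signer, or a HashMismatch status, is exactly the case where submitting the sample rather than authorising it is the safer choice; the hash in the output is also what you would quote when submitting.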