
SEC - PUA exceptions not working?

We constantly have warnings about remcomsvc.exe.

We know the software so it's a bit of a false positive for us. So to save alerts, we placed exceptions under antivirus (C:\Windows\System32\RemComSvc.exe) and also authorized the PUA RemCom under Authorization.

We still keep getting email alerts from loads of our clients. It looks like the exceptions we put in don't work. Any ideas?

 

regards,

Louis



  • Hi Louis-M,

    Can you post a screenshot of this exclusion in the Authorization section of Enterprise Console as well as the detection alert from SEC of one of the endpoints?

    Potentially unwanted applications (PUAs) are programs that are not malicious by themselves, but which are generally considered unsuitable for most business networks. Examples include, but are not limited to, adware, dialers, remote administration tools, bundleware, downloaders, aggressive monetizing software, uninstall tools.

    However, from the page below it looks like Sophos should be detecting this as a controlled application rather than a PUA. If this is the case, then RemCom can be allowed in the Application Control policy: www.sophos.com/.../RemCom.aspx
