EAP - Intercept X blocking application .exe hosted via UNC path - how can I whitelist this?


What happened: We could not clean up a threat.

Where it happened: FSPC33

Path: \Device\Mup\Sydttdb\tt\TimeTarget.exe

What was detected: ML/PE-A

User associated with device: FRASERSSUITES\satomi.terauchi

How severe it is: High

What Sophos has done so far: We attempted to clean up a threat.

What you need to do: In the Sophos Central Admin console, go to the Alerts page and find the threat alert. Click on the threat name to see details and cleanup advice on the Sophos website. Then go to the affected computer and clean up the threat manually.


Help sources:

  • Hi Howard Phung,

    This has been detected via the machine learning algorithm. 

    Presuming you trust the detected application, you can whitelist it by going to the device's EVENTS tab and finding the alert (filter by date range if you have to).

    Click the details of the event; you will now be able to whitelist via path or hash.

    Don't forget to give feedback as to why you want to whitelist it. :) 

  • In reply to MrSmith:

    Thank you Mr Smith, for you're a legend!

  • Hi Howard,

    The article below details how to raise issues for potential false positives with Intercept X, along with the available workarounds. Note that some detections will appear as legitimate files. Perform the instructions below to acknowledge alerts or exclude detected exploits ONLY if the files are assumed to be valid.

    Intercept X: How to report false positives to Sophos