Scanning exclusion for malicious behavior false positive

Question

Sophos Ultimate beta version 0.7 detected a false positive " 'Lockdown' malicious behavior prevented in GFI LanGuard Patch Agent Module" 
 This is a legitimate application used by MAX remote management to apply Microsoft and other 3rd party software patches. I am unable to locate additional details in Sophos Central about the executable file that was prevented from running. 
 How do I navigate through Sophos Central to find the executable file that was blocked? 
 Which of the two methods in Central do I use to exclude the application / executable? 
 1. Scanning Exclusion 
 2. Exploit Mitigation Exclusion

LetMeAtIt18 · Answer

Just worked with Sophos on a similiar issue. Used these steps to successfully see and selected the false positive. 
 
 Log into Sophos Central Admin Select "Global Settings" from the left pane Select "Global Scanning Exclusions" Select "Add Exclusion" From the top dropdown, select "Detected Exploits"