Scanning exclusion for malicious behavior false positive

Sophos Ultimate beta version 0.7 detected a false positive: "'Lockdown' malicious behavior prevented in GFI LanGuard Patch Agent Module"

This is a legitimate application used by MAX remote management to apply Microsoft and other 3rd party software patches.  I am unable to locate additional details in Sophos Central about the executable file that was prevented from running.

How do I navigate through Sophos Central to find the executable file that was blocked? 

Which of the two methods in Central do I use to exclude the application / executable?

1. Scanning Exclusion

2. Exploit Mitigation Exclusion



This thread was automatically locked due to age.
  • Just worked with Sophos on a similar issue. Used these steps to successfully see and select the false positive.

    1. Log into Sophos Central Admin
    2. Select "Global Settings" from the left pane
    3. Select "Global Scanning Exclusions"
    4. Select "Add Exclusion"
    5. From the top dropdown, select "Detected Exploits"
