
Scanning exclusion for malicious behavior false positive

Sophos Ultimate beta version 0.7 detected a false positive: "'Lockdown' malicious behavior prevented in GFI LanGuard Patch Agent Module".

This is a legitimate application used by MAX remote management to apply Microsoft and other third-party software patches. I am unable to locate additional details in Sophos Central about the executable file that was prevented from running.

How do I navigate through Sophos Central to find the executable file that was blocked? 

Which of the two methods in Central do I use to exclude the application / executable?

1. Scanning Exclusion
2. Exploit Mitigation Exclusion

  • We are getting this on some reputable websites that were fine last week. I think the more important question is why is this happening? An automatic exclusion is not the proper course of action for something that was working and now is not. You could end up excluding something that really shouldn't be. In the case of this issue the exclusions should be more granular as well. 
