This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X is blocking IO of the Calibre Library but not reporting. How do I except?

Calibre Library is book management software. https://calibre-ebook.com/

False positive is reported. Sophos saying "I'll investigate the logs"

Anyway, I 've already tried to exclusion. But It does not except. Here for the my exclusion list screenshots.

How do I except for Calibre Library? Any advice please?



This thread was automatically locked due to age.
Parents
  • Hi FoW, 

    It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support. 

    What is the name of the detection?

    You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help supported wildcards and expansion variables.)

    If it detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection> Policies> Select the threat protection policy applicable on the machine> Exclusions> Add Exclusion. 

    Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi FoW, 

    It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support. 

    What is the name of the detection?

    You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help supported wildcards and expansion variables.)

    If it detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection> Policies> Select the threat protection policy applicable on the machine> Exclusions> Add Exclusion. 

    Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.

    Thanks,
    Yashraj Singha
    Manager | Global Community Support
    Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
  •  What is the name of the detection? 

    Not detection. Just blocked deletion process of the Calibre Library. After turing off the “Anti-Ransomware detect” option, the Calibre Library is works normally.

    You can try excluding the process of Calibre Library and check if that helps.

    Yes. I was tried ten or more times. This ways is NOT working. Did you check my screenshot?

    Thanks.