Intercept X is blocking IO of the Calibre Library but not reporting. How do I except?

Calibre Library is book management software.

False positive is reported. Sophos saying "I'll investigate the logs"

Anyway, I 've already tried to exclusion. But It does not except. Here for the my exclusion list screenshots.

How do I except for Calibre Library? Any advice please?

  • Hi FoW, 

    It is not recommended to add exclusions for any software and is best to get it checked with Sophos Support. 

    What is the name of the detection?

    You can try excluding the process of Calibre Library and check if that helps. (You can exclude any process running from a specified executable. This also excludes files that the process uses, but only when they are accessed by that process. Check the Help supported wildcards and expansion variables.)

    If it detected by Intercept X as an exploit detection, then you can try excluding it from Endpoint Protection> Policies> Select the threat protection policy applicable on the machine> Exclusions> Add Exclusion. 

    Select "Exclusion Type" as Detected Exploits (Windows/Mac) from the drop-down menu and select the event where it was detected. Save the policy.

  • In reply to Yashraj:

     What is the name of the detection? 

    Not detection. Just blocked deletion process of the Calibre Library. After turing off the “Anti-Ransomware detect” option, the Calibre Library is works normally.

    You can try excluding the process of Calibre Library and check if that helps.

    Yes. I was tried ten or more times. This ways is NOT working. Did you check my screenshot?