We'd love to hear about it! Click here to go to the product suggestion community
Disclaimer: This information is provided as-is and should be referenced at your own risk.
When Sophos detects an exploit, this is due to a behavior within an application that is resembling an exploit technique. This is a very important part of your cyber security posture and it is a major differentiator within Sophos Intercept X. These exploit techniques are documented here:
Occasionally it is necessary to make an exclusion for a detected exploit. Sometimes older applications, homegrown programs, and some plugins to browsers can cause a detection when it is not actually a threat.
Note: Prior to making an exception, it is important to make sure that it is not malicious activity.
There are generally two ways to create these exclusions:
From a security perspective, it is always better to make any exclusion based on a policy and only limit these to machines or users whose productivity is hampered by this detection. However, if it is a widely used application, you also have the option to make an exclusion globally. Again I urge caution, only exclude detections that you have vetted and know for certain that it is not an actual threat.
To make an exclusion via Policy,
To make an exclusion globally there are a few ways, this is documented in the below KB