
How to prevent malware cleanup or PUA cleanup for UPX-compressed programs

Sophos Central admin

Hello


We are migrating some computers and servers to Sophos Central in our company (a European software vendor).

How can we prevent malware cleanup or PUA cleanup for UPX-compressed programs falsely detected as malware or PUA in the research and development department?

Deactivating the auto correction (by strategy on computer and server groups) in security threat doesn't work.



  • Hello guillaume testaniere,

    you can authorize PUAs. For the malware detections - is this always the same detection or are there several, what are their names? For false positive malware detections you should submit a sample. If you are sure they are clean you could also exclude the files from scanning.

    Christian

  • Hello

    Thanks for your answer.

    Is it possible to prevent the delete action by prescan without file deletion?

    Action in safe protect execution?

    We can't exclude the thousands of folders or files from scanning if we don't know the potential files deleted.

    My English is bad, I am French :)

  • I'm copying text from another post - it seems to be the same problem:

    We have hundreds of in-house developed applications.

    Sophos Central is deleting them as PUAs and their programming staff is not happy.

    We need to be able to turn off the auto clean for PUAs.

  • Hello guillaume testaniere,

    "my english is bad"
    better than my French :)

    You say that disabling Nettoyer automatiquement les malwares has no effect and the files are still cleaned/deleted? I'm not using Central and the information in the Help isn't very detailed but I'd expect that with this setting it would leave the files alone. And I can't say whether correction can be configured for a scheduled scan.
    But nevertheless you could not use (view, execute, copy) the files as Real-Time protection would still block access. If excluding folders/files or authorizing the PUAs is not feasible (and exclusions are an additional risk) only amended detections would help. If you submit false positives the applicable detection items are normally amended/corrected so that the files are no longer detected. If the files are created by your R&D they might have sufficient in common so that they can easily be "whitelisted".

    Christian