Deep Learning Cleanup

Hey Guys,

When a file is cleaned up by Deep learning as part of PUA then

1- Where is the file moved?

2-If a file is cleaned and then i add an exclusion for the software does that come back/may be from quarantine? Or should i do a re install again if i need it

Regards

Top Replies

RichardP over 1 year ago in reply to blueskies +2 verified

the target file is encrypted and stored in our safestore database. You can't get it back unless you generate an exclusion for it that will allow the system to recognize it as legitimate and restore it…

+1 Qoosh over 1 year ago

Hi blueskies,

Thanks for reaching out.

When a file is cleaned up, it will be moved to the "SafeStore".
- C:\ProgramData\Sophos\Safestore

The best way to exclude a detected file is to find the detection event in Sophos Central by checking the "Events" tab under the device in question. Selecting the "Details" button on the right-hand side of the "PUA detected" event will allow you to exclude the file. This will trigger the restore operation.

Kushal Lakhan

Team Lead, Global Community Support
Connect with Sophos Support, get alerted, and be informed.
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 blueskies over 1 year ago in reply to Qoosh

Well i dont see so, The safe store has only .dat files and not the ones that were cleaned
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+2 RichardP over 1 year ago in reply to blueskies

the target file is encrypted and stored in our safestore database. You can't get it back unless you generate an exclusion for it that will allow the system to recognize it as legitimate and restore it.

There are limits to the safestore too - not every file can be restored.

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Reject Answer

Cancel
0 blueskies over 1 year ago in reply to RichardP

Anything above 50 MB cannot be restored?After adding an exclusion?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 RichardP over 1 year ago in reply to blueskies

There is a per file size limit and a total size limit for the safestore. If a new file would take the safestore over its limit - the oldest stored file is deleted.

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel