Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 5 replies
  • Subscribers 7 subscribers
  • Views 2590 views
  • Users 0 members are here
Options
Suggested

Deep Learning Cleanup

blueskies

Hey Guys,

When a file is cleaned up by Deep learning as part of PUA then

1- Where is the file moved?

2-If a file is cleaned and then i add an exclusion for the software does that come back/may be from quarantine? Or should i do a re install again if i need it 

Regards

  • +1

    Hi blueskies,

    Thanks for reaching out. 

    When a file is cleaned up, it will be moved to the "SafeStore".
    - C:\ProgramData\Sophos\Safestore

    The best way to exclude a detected file is to find the detection event in Sophos Central by checking the "Events" tab under the device in question. Selecting the "Details" button on the right-hand side of the "PUA detected" event will allow you to exclude the file. This will trigger the restore operation.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
    • 0 in reply to Qoosh

      Well i dont see so, The safe store has only .dat files and not the ones that were cleaned

      • FormerMember
        +1 FormerMember in reply to blueskies

        the target file is encrypted and stored in our safestore database. You can't get it back unless you generate an exclusion for it that will allow the system to recognize it as legitimate and restore it. 

        There are limits to the safestore too - not every file can be restored. 

        • 0 in reply to FormerMember

          Anything above 50 MB cannot be restored?After adding an exclusion? 

          • FormerMember
            0 FormerMember in reply to blueskies

            There is a per file size limit and a total size limit for the safestore. If a new file would take the safestore over its limit - the oldest stored file is deleted.