Software myportal@work problem

What is the trigger for the delete? When you access the file is it populating as a malware event?

One thing, I noticed in your example that its typed "myprotal"  - is that what you have in the exclusion?

Hi Viktor,

Thanks for reaching out to the Sophos Community Forum. 

If you wish for the file to be analyzed by our team so that the detection can be changed, I suggest sending in a sample of the file through our Sample Submission portal. 

If you only wish to white-list the file locally, I suggest navigating to the device entry in Sophos Central where the detection was raised. You can find the detection event under the "Events" tab of the concerned device in order to use the "Details" button on the right hand side to white-list the item. The following KBA provides an example of how this can be done. 
- Sophos Central Admin: Exclude items from the Device list

Hello,

sorry, the right word ist "myportal". When i start the program, the message "Lockdown" appears at the bottom right.

greetings

Viktor

Is this a server? Lockdown is part of server protection that prevents any application from running that isn't whitelisted in the server lockdown policy. Exclusions do not override this.

Hello,

no, it is a Client ! All Clients have this Problem.

greetings

Viktor

Add the following entry in the global exclusions of your endpoint protection :

(File + Folders)

C:\Users\**\AppData\Local\Programs\myPortalAtWork\ 

Br Guido