We have an internal approved application that we've been running for about a year. Sometime last month Sophos Central started blocking it as "CryptoGuard". We have it added in Allowed Applications as well as Global Exclusions. Per this post 3 years ago there should be a "don't detect this again" section in the event but it is not there:
Sophos Exploit prevention: How to exclude applications from CryptoguardAny ideas would be appreciated! Thanks!
Hi Jim Vaden ,
Thank you for reaching out to our Community Forum. Are you seeing this on a Windows device? Would you be able to share a screenshot of the detection details?
Thanks for the reply. Please see below for a screenshot. I have marked it resolved for now but I'm sure it'll alarm again on Monday when the users access the application and I can grab more detail for you then; unless you know how I can go back and get more than what I've found here:
HI Jim Vaden ,
Thank you for sharing the details. Have you tried excluding it using its SHA256? This allows this version of the application. However, if the application is updated, it could be detected again given its uncertain reputation. So I suggest submitting a sample file to our SophosLabs so they can reclassify the application. You may submit and upload the sample file here.
Let me know if you need further assistance.
Thanks for the reply. I haven't tried excluding its SHA256; which option is that?Also, I have just sent the file up to SophosLabs; submission #06011582
My colleague also uploaded to the Lab a few weeks ago but has gotten nothing on it yet.