Issue with CryptoGuard for particular application

We have an internal approved application that we've been running for about a year. Sometime last month Sophos Central started blocking it as "CryptoGuard". We have it added in Allowed Applications as well as Global Exclusions. Per this post 3 years ago there should be a "don't detect this again" section in the event but it is not there:

Sophos Exploit prevention: How to exclude applications from Cryptoguard

Any ideas would be appreciated! Thanks!

Edited TAGs
[edited by: Gladys at 6:28 AM (GMT -8) on 19 Dec 2022]

Top Replies

Gladys over 1 year ago +2

Hi Jim Vaden , Thank you for reaching out to our Community Forum. Are you seeing this on a Windows device? Would you be able to share a screenshot of the detection details?

Parents

0 Gladys over 1 year ago

Hi Jim Vaden ,

Thank you for reaching out to our Community Forum. Are you seeing this on a Windows device? Would you be able to share a screenshot of the detection details?

Gladys Reyes

Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Gladys over 1 year ago

Hi Jim Vaden ,

Thank you for reaching out to our Community Forum. Are you seeing this on a Windows device? Would you be able to share a screenshot of the detection details?

Gladys Reyes

Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +2 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Jim Vaden over 1 year ago in reply to Gladys

Hi Gladys

Thanks for the reply. Please see below for a screenshot. I have marked it resolved for now but I'm sure it'll alarm again on Monday when the users access the application and I can grab more detail for you then; unless you know how I can go back and get more than what I've found here:

Thanks,
Jim
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gladys over 1 year ago in reply to Jim Vaden

HI Jim Vaden ,

Thank you for sharing the details. Have you tried excluding it using its SHA256? This allows this version of the application. However, if the application is updated, it could be detected again given its uncertain reputation. So I suggest submitting a sample file to our SophosLabs so they can reclassify the application. You may submit and upload the sample file here.

Let me know if you need further assistance.

Gladys Reyes

Global Community Support Engineer
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the "Verify Answer" button.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up +1 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Jim Vaden over 1 year ago in reply to Gladys

Hi Gladys

Thanks for the reply. I haven't tried excluding its SHA256; which option is that?
Also, I have just sent the file up to SophosLabs; submission #06011582

My colleague also uploaded to the Lab a few weeks ago but has gotten nothing on it yet.

Thanks,

Jim
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel