Editing exclusions leads to deletion - is this a known bug?

Hi!

I just found a bug in the Sophos Central dashboard and could not find it in the known issues list. Here's how to replicate the issue:

1. Create an exclusion of the type "Exploit mitigation", choose an application and deactivate at least one of the mitigation types below. Save the exclusion.

2. Click on the name of the exclusion to edit it. It does not matter if you change anything, save or cancel. As soon as you are back in the policy the exclusion will be corrupted. The Application is missing.

3. Save the policy and open it again. The exclusion will be gone. Even if you saved between steps 1 and 2 - it will be deleted as soon as you save again with the corrupted exclusion.

There is no real need to edit exploit exclusions but the fact they can be deleted by simply opening them is disconcerning.

best regards,
Björn



Edit tags
[edited by: GlennSen at 3:03 PM (GMT -7) on 3 Sep 2024]
Parents
  • Hi Björn,

    Thanks for reaching out to the Sophos Community Forum. 

    May I ask if you are adding these exclusions from the Global Exclusions page, or from the Policies page? 

    I tried replicating this issue using the same steps you provided but was unsuccessful. I suspect the issue you're seeing is strictly cosmetic in nature. One way you can confirm is by checking the following registry locations:

    • HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_policy_

    You will see Acrobat.exe listed under this key. Acrobat.exe will have a value associated with it in the "Data" column. This value will match an entry under "_profiles_". The profiles registry entry will denote which protection features remain enabled/disabled. 

    •  HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_profiles_

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • Hi Björn,

    Thanks for reaching out to the Sophos Community Forum. 

    May I ask if you are adding these exclusions from the Global Exclusions page, or from the Policies page? 

    I tried replicating this issue using the same steps you provided but was unsuccessful. I suspect the issue you're seeing is strictly cosmetic in nature. One way you can confirm is by checking the following registry locations:

    • HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_policy_

    You will see Acrobat.exe listed under this key. Acrobat.exe will have a value associated with it in the "Data" column. This value will match an entry under "_profiles_". The profiles registry entry will denote which protection features remain enabled/disabled. 

    •  HKEY_LOCAL_MACHINE\SOFTWARE\HitmanPro.Alert\_profiles_

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data