Thread Info
  • State Suggested Answer
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 1343 views
  • Users 0 members are here
Options
Suggested

mass-release from quarantine

FFin

Hi all,

i've got a false-positive outbreak detected on one fileserver.

There're around 100 Items in Quarantine - alerts spread over 6 pages in Events-Section in central.
i went through that list multiple times but was able to release 95 elements from quarantine only.

So now i have 5 items left. But: there's no overview which items are released and which are not.
Due to all detections having the same timestamp it seems like order i different everytime i switch from page to page.

So i go through every item on every page and manually click "Details" to check whether released or not.

Why is there no table-view with multi-selection of quarantine-items to release or delete / acknowledge.
I cannot order the event list, i cannot see from view which is released, and everytime you release one item it jumps back to page 1.

Any ideas/workarounds?



Added tags
[edited by: GlennSen at 1:29 PM (GMT -7) on 3 Oct 2024]
Parents
  • 0

    Hi FFin,

    Thanks for reaching out to the Sophos Community Forum.

    When you encounter "Generic ML PUA" detections, we suggest sending in the offending exe through our sample submission portal so the exe can be properly analyzed by our Sophos Labs team. 
    - https://support.sophos.com/support/s/filesubmission?language=en_US 

    If you trust the detected executables, an immediate step you can take is to exclude the path where the executables reside. This can be done from the "Allowed Application" section under "General Settings". An exclusion such as "D:\Data\Departments\Software....\Application*.exe" may work. Be as specific as possible when using wildcards. Adding as much of the file path as possible or including the first few characters of the exe name will help with this.
    See: Allowed Applications

    I suggest proceeding with caution when using wildcards to exclude executables. Once the samples you send in have been analyzed, remove the temporary exclusion to ensure you are not allowing unexpected applications.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • 0

    Hi FFin,

    Thanks for reaching out to the Sophos Community Forum.

    When you encounter "Generic ML PUA" detections, we suggest sending in the offending exe through our sample submission portal so the exe can be properly analyzed by our Sophos Labs team. 
    - https://support.sophos.com/support/s/filesubmission?language=en_US 

    If you trust the detected executables, an immediate step you can take is to exclude the path where the executables reside. This can be done from the "Allowed Application" section under "General Settings". An exclusion such as "D:\Data\Departments\Software....\Application*.exe" may work. Be as specific as possible when using wildcards. Adding as much of the file path as possible or including the first few characters of the exe name will help with this.
    See: Allowed Applications

    I suggest proceeding with caution when using wildcards to exclude executables. Once the samples you send in have been analyzed, remove the temporary exclusion to ensure you are not allowing unexpected applications.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data
Unfiltered HTML