Jump to content

Potentially Unwanted/Unsafe Application rules


Recommended Posts

Hi,

 

We want to disable the protection of PUP but still report as shown below in our configuration.

 

Having checked the policies, it appears to be set correctly and there's no other policy within the hierarchy which I thought could be an issue.

 

However, we are still getting reports for a file by the PUP protection. We have even added explicit exclusions for the file based on the hash and I can see that the exclusion is present within the devices that are detecting the PUP.

 

image.png.716c6c3a9c72cbb42909fef85698c2c2.png

 

Any idea as to why this would be happening or where to check next?

 

Thanks,

BB

 

 

 

Edited by BlueBear
No need for it
Link to comment
Share on other sites

  • Administrators

You should change reporting of PUAs to off if you don't want to have PUAs detected.

Link to comment
Share on other sites

5 minutes ago, Marcos said:

You should change reporting of PUAs to off if you don't want to have PUAs detected.

 

I am OK with the detection alert being sent to the console and display on the endpoint but I want to stop the removals. 

 

The description of 'Reporting' states exactly the above, so this configuration should report but not remove the detection. However, even with this configuration it is being reported and the deletion action being performed:

Action Performed: Cleaned by deleting
Timestamp: 1/11/24, 4:52:30 AM UTC

 

Am I misunderstanding this somehow?

 

Thanks

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...