BlueBear 2 Posted January 11 Share Posted January 11 (edited) Hi, We want to disable the protection of PUP but still report as shown below in our configuration. Having checked the policies, it appears to be set correctly and there's no other policy within the hierarchy which I thought could be an issue. However, we are still getting reports for a file by the PUP protection. We have even added explicit exclusions for the file based on the hash and I can see that the exclusion is present within the devices that are detecting the PUP. Any idea as to why this would be happening or where to check next? Thanks, BB Edited January 11 by BlueBear No need for it Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted January 11 Administrators Share Posted January 11 You should change reporting of PUAs to off if you don't want to have PUAs detected. Link to comment Share on other sites More sharing options...
BlueBear 2 Posted January 11 Author Share Posted January 11 5 minutes ago, Marcos said: You should change reporting of PUAs to off if you don't want to have PUAs detected. I am OK with the detection alert being sent to the console and display on the endpoint but I want to stop the removals. The description of 'Reporting' states exactly the above, so this configuration should report but not remove the detection. However, even with this configuration it is being reported and the deletion action being performed: Action Performed: Cleaned by deleting Timestamp: 1/11/24, 4:52:30 AM UTC Am I misunderstanding this somehow? Thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,281 Posted January 11 Administrators Share Posted January 11 Please provide logs collected with ESET Log Collector from the machine. Link to comment Share on other sites More sharing options...
Recommended Posts