Jump to content

Potentially Unwanted/Unsafe Application rules

Recommended Posts



We want to disable the protection of PUP but still report as shown below in our configuration.


Having checked the policies, it appears to be set correctly and there's no other policy within the hierarchy which I thought could be an issue.


However, we are still getting reports for a file by the PUP protection. We have even added explicit exclusions for the file based on the hash and I can see that the exclusion is present within the devices that are detecting the PUP.




Any idea as to why this would be happening or where to check next?







Edited by BlueBear
No need for it
Link to comment
Share on other sites

5 minutes ago, Marcos said:

You should change reporting of PUAs to off if you don't want to have PUAs detected.


I am OK with the detection alert being sent to the console and display on the endpoint but I want to stop the removals. 


The description of 'Reporting' states exactly the above, so this configuration should report but not remove the detection. However, even with this configuration it is being reported and the deletion action being performed:

Action Performed: Cleaned by deleting
Timestamp: 1/11/24, 4:52:30 AM UTC


Am I misunderstanding this somehow?



Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...