• Sign in to your Sophos Home dashboard.
• Choose the desired computer and scroll down to the New Activity section (or choose HISTORY to see all current alerts). 
• Select one of the following actions:
   
  • Allow - This action allows the detected application to run. The application is then listed under PUA excluded applications on the Sophos Home dashboard.
  • Clean - This option deletes the PUA.
  • Ignore - This clears out the alert but the detected PUA is neither excluded or deleted. However, the alert triggers again when the application is relaunched.

Note: These actions can also be applied directly to the Sophos Home software installed on your computer.

If you keep seeing the same Potentially Unwanted Application (PUA) detection after clearing it, it’s usually because the file is being reintroduced to your system repeatedly. This can happen when:

• An application on your computer is updating and recreating the file.
• Your system is synchronizing files from another device or the cloud.
• A backup application is restoring the file.

What to do

1. Check synchronization settings
   Look for cloud services (like OneDrive, Dropbox, Google Drive) or backup tools that might be restoring the file. Disable syncing for the affected file if needed.
2. Review program updates
   If the detection is related to a specific program, updates may be re-adding the file. Confirm if the program is trusted and Allow the detection in Sophos Home, or uninstall the program altogether. 
3. Verify the file’s safety
   If you need help making the decision, use our Intelix Portal and/or online tools such as VirusTotal to check if the file is flagged as malicious/safe. You can also contact the vendor if the detection is getting triggered from a program.

See Disable automatic cleanup on macOS
For other OS versions, as well as general guidelines, please see  Setting scan exceptions