A Potentially Unwanted Application (PUA) is software that isn’t malicious but might behave in ways you don’t want—such as showing ads or installing extra components.
Sophos Home automatically blocks PUAs to keep your system safe, but it does not delete them (because they’re not harmful).
You get to decide what happens next, by either allowing the application, or deleting it from your system.

To allow the PUA application:

1. Click on Dashboard or, if the popup is present, click on Manage . You will be redirected to your Sophos Home Dashboard to take the next step. 
   Note: If you click on Dashboard, you need to enter your Windows PIN/password to proceed.
   
2. Locate the New Activity section in the HISTORY tab 
   Locate the PUA and click on Show Advanced Options
3. At your own discretion choose the option Did we get this wrong? to Allow and Restore the PUA
   

To delete the PUA instead:

Locate the application or file on your system, external drives, or Cloud and delete it.

To allow the PUA application:

1. Do either of the following:
   • Click the Threat Detected notification.
     
   • If you no longer have the Threat Detected notification, open the Sophos Home main window then click on the PUA blocked notification.
     
2. Select one of the following options in the next window:
   • Always Allow - This opens the Sophos Home dashboard to perform the exclusion. This action allows the detected application to run.
   • Clean - This option deletes the application.
   • Ignore - The alert is cleared out but no action is taken. The detected PUA is neither excluded or deleted. However, the alert triggers again when the application is relaunched.

To delete the PUA file or application:

Depending on the message, you might need to manually remove the PUA from your systems. 
This includes Ignoring the detection, finding the file/application that is triggering the alert and deleting it from your system. See below for additional steps:

• I received an alert stating Manual PUA cleanup required
• Manual malware cleanup on a Mac computer

If you keep seeing the same Potentially Unwanted Application (PUA) detection after clearing it, it’s usually because the file is being reintroduced to your system repeatedly. This can happen when:

• An application on your computer is updating and recreating the file.
• Your system is synchronizing files from another device or the cloud.
• A backup application is restoring the file.

What to do

1. Check synchronization settings
   Look for cloud services (like OneDrive, Dropbox, Google Drive) or backup tools that might be restoring the file. Disable syncing for the affected file if needed.
2. Review program updates
   If the detection is related to a specific program, updates may be re-adding the file. Confirm if the program is trusted and Allow the detection in Sophos Home, or uninstall the program altogether. 
3. Verify the file’s safety
   If you need help making the decision, use our Intelix Portal and/or online tools such as VirusTotal to check if the file is flagged as malicious/safe. You can also contact the vendor if the detection is getting triggered from a program.