Applies to Sophos Home for Windows (free and Premium)
Sophos Home for Windows v 2.0.11 introduced a new feature called Artificial Intelligence (Machine Learning).
Machine learning can predict if a file is malicious pre-execution, without having seen it before, by examining its behavior. In addition to this, a database is cross-referenced at Sophos where customer feedback influences the decision.
If you believe that a file was incorrectly categorized and you wish to restore it. You may follow the steps below.
Note: Sophos does not recommend adding exclusions unless you are 100% sure the application is safe. We recommend customers submit a sample of the application's executable (.exe) to Sophos' Lab for a review and, if needed, a re-categorization https://support.sophos.com/support/s/filesubmission
Note 2: Customers may also create an exclusion for a specific file/location at their own discretion, following this article.
- Access your Sophos Home Dashboard
- Click on the affected machine
- Find the detection under New Activity or via the History tab
example (Note ML means this was a machine learning detection):
4. Click on Show Advanced Options
5. Under Did we get this wrong? click on Allow and Restore
6. You will now be prompted to restore and allow the application. This will restore the file, and send Sophos a report to re-evaluate the decision
Note: If more than one component from a company is detected, you will have the option to Restore and Allow All, which will restore and allow all applications from that vendor. Example below