Applies to Sophos Home Beta for Windows (2.0.8 and above)
The Sophos Home Beta for Windows (version 2.0.8) introduced a new feature to Sophos Home called Machine Learning. Machine learning can predict if a file is malicious without ever having seen it before, by examining its behavior. In addition to this, a database is cross-referenced at Sophos where customer feedback influences the decision.
If you believe that a file was incorrectly categorized and you wish to restore. You can follow the steps below.
Note: Sophos does not recommend adding exclusions unless you are 100% sure the application is safe. We recommend customers submit a sample of the application's executable (.exe) to Sophos' Lab for a review and, if needed, a re-categorization https://secure2.sophos.com/en-us/support/submit-a-sample.aspx
Note 2: Customers may also create an exclusion for a specific file/location at their own discretion, following this article.
- Log in to your Sophos Home dashboard
- Click on the affected machine
- Find the detection under New Activity or via the History tab
example (Note ML means this was a machine learning detection):
4. Click on Show Advanced Options
5. Under Did we get this wrong? click on Allow and Restore
6. You will now be prompted to restore and allow the application. This will restore the file, and send Sophos a report to re-evaluate the decision
Note: If more than one component from a company is detected, you will have the option to Restore and Allow All, which will restore and allow all applications from that vendor. Example below