Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=allowed-applications

Allowed applications

You can see applications that you have allowed to run on your computers.

Go to My Products > General Settings > Allowed Applications.

You can see applications that you have allowed to run on your endpoint computers.

The page shows where the application was originally detected (if applicable) and how it was allowed.

About allowed applications

Our software detects threats that are previously unknown. However, it may sometimes identify an application as a threat, even though you know that it’s safe. When this happens, you can “allow” the application. This does as follows:

  • Prevents this detection from happening again.
  • Restores all copies that have been cleaned up (removed from computers).

Alternatively, you can allow an application in advance, so that it won't be detected when you install it for users.

Warning

Think carefully before you allow applications because it reduces your protection.

Note

If an option is locked, this means that your partner or enterprise administrator applied global settings. You can still stop detecting applications, exploits, and ransomware by going to the events list. See Deal with false positives.

Allow an application that's been detected

Only allow an application if you know it's safe. For help deciding, see How to investigate and resolve a potential False Positive or Incorrect Detection.

Note

When you allow an application, it can run on all computers for all users, and we'll exclude it from further threat detections. However, when it runs, we'll still check it for exploits, ransomware, and malicious behavior.

To allow an application that Sophos has detected and removed, do as follows:

  1. Go to Devices > Computers and servers.
  2. Find and click the computer or server where the detection happened to view its details.
  3. Click the Events tab and find the detection event.
  4. Click Details.

  5. In the Event details dialog, under Allow this application, select the method of allowing the application.

    Available methods vary by platform.

    Select one of the following methods to allow the application:

    • Certificate: This is recommended. It also allows other applications with the same certificate.
    • SHA-256: This allows this version of the application. However, if the application is updated, it could be detected again.
    • Path(Windows): This allows the application as long as it's installed in the path (location) shown. You can edit the path (now or later) and use variables if the application is installed in different locations on different computers.
    • Path(Linux): This allows the application as long as it's installed in the path (location) shown. You can edit the path (now or later) and use variables if the application is installed in different locations on different computers. You must use forward slashes.

  6. Click Allow.

Edit the path for an allowed application

You can change the path that you specified when you allowed an application.

  1. On the Allowed Applications page, find the application. The current path is shown in the details.
  2. Click the Edit icon Edit icon.
  3. In the Edit path dialog, enter the new path.

When you edit a path, details of the original detection (user, computer and path) are removed from the list.

When you allow an application using Path(Windows), we show the path in Windows format, even if you enter it in Linux format. For example, if you enter /var/files, we show it as \var\files.

When you allow or edit an application using Path(Linux), you must use forward slashes.

Start detecting an application again

If you want Sophos to start detecting and removing an application again, you remove it from the Allowed Applications list.

Select the application and click Remove (in the upper right of the page).

More resources