Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=blocked-items

Blocked items

You can block applications that we consider suspicious. We identify these applications based on reputation checks.

You need to have Intercept X Advanced with XDR.

Restriction

You can only block applications. Sophos ignores SHA-256 hashes for other items or files with a trusted reputation.

Go to My Products > General Settings > Blocked Items.

You can block suspicious applications.

You can also see applications that you've blocked from running on your computers. You can see who blocked the application and why.

Blocked items will be cleaned up on computers they're already on. You can block and clean up applications in one step when you investigate a threat graph. See Threat Graphs.

About blocked applications

You can block applications using their SHA-256 hash. This prevents suspicious applications from running on your Windows devices.

You can also block applications when you investigate a threat graph.

You can add up to 5,000 SHA-256 hashes to the blocked items list.

Block an application

To block and clean up an application, do as follows:

  1. On the Blocked items page, click Add.
  2. Enter the application's SHA-256 hash.
  3. Enter a reason for blocking the application.

  4. Click Add.

    Click Add Another if you want to block more than one application.

  5. When you've finished, click Save.

This blocks the application on all computers.

Remove an application from the block list

If you've decided an application isn't suspicious, you can remove it from the block list as follows:

  1. On the Blocked items page, select the application in the list and click Remove.