Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=detection-stop-application

Stop detecting an application

If Portable Executable (PE) files, like applications, libraries and system files, are detected, they're quarantined and can be restored.

Note

When you allow an application, it can run on all computers for all users, and we'll exclude it from further threat detections. However, when it runs, we'll still check it for exploits, ransomware, and malicious behavior.

To allow an application that Sophos has detected and removed, do as follows:

  1. Go to Devices > Computers and servers.
  2. Find and click the computer or server where the detection happened to view its details.
  3. Click the Events tab and find the detection event.
  4. Click Details.

  5. In the Event details dialog, under Allow this application, select the method of allowing the application.

    Available methods vary by platform.

    Select one of the following methods to allow the application:

    • Certificate: This is recommended. It also allows other applications with the same certificate.
    • SHA-256: This allows this version of the application. However, if the application is updated, it could be detected again.
    • Path: This allows the application as long as it's installed in the path (location) shown. You can edit the path (now or later) and you can use variables if the application is installed in different locations on different computers.

    Note

    You can't use Path to restore files with non-UTF-8 paths detected on a Linux device. You must use SHA-256 to restore these files.

  6. Click Allow.