Skip to content

Blocked items

You can block and clean up suspicious applications.

You need to have Intercept X Advanced with XDR.

Go to Global Settings > Blocked Items.

You can block and clean up suspicious applications.

You can also see applications that you have blocked from running on your computers. You can see who blocked the application and why.

About blocked applications

You can block applications using their SHA-256 hash. This prevents suspicious applications from running on your Windows devices.

You can only block applications. SHA-256 hashes for other items, or for files Sophos believes to be safe, are ignored.

When you block an application it's cleaned up on any Windows devices it's already on.

You can also clean up and block applications when you investigate a threat graph.

Block an application

To block and clean up an application:

  1. Click Add.
  2. Enter the application's SHA-256 hash.
  3. Enter a reason for blocking the application.
  4. Click Add.
    • Click Add Another if you want to block more than one application.
  5. When you have finished, click Save on the Blocked Items page.

This blocks the application on all computers and cleans it up on computers it's already on.

Remove an application from the block list

You can remove applications from the block list if you've decided that they aren't suspicious. To do this:

  1. Select the application in the list and click Remove.
Back to top