Pre-authorize potentially suspicious items

If you want to allow the use of an application or file that Sophos Endpoint Security and Control has not yet classified as suspicious, you can pre-authorize it by adding it to the list of authorized items yourself.

  1. Check which anti-virus and HIPS policy is used by the group or groups of computers you want to configure.
  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS Policy dialog box is displayed.
  4. Click Authorization.
    The Authorization Manager dialog box is displayed.
  5. Click the tab for the type of behavior that has been detected.

    In this example, we'll use Buffer Overflow.

  6. Click New entry.
    The Open dialog box is displayed.
  7. Browse to the application, and then double-click it.

The suspicious application appears in the Authorized applications list.

If you have made a mistake or simply want to remove an application from the Authorization Manager, remove it from the authorized list and then delete it from the list of known files:

  1. In the Authorization Manager dialog box, click the tab for the type of behavior that has been detected.

    In this example, we'll use Suspicious Files.

  2. In the Authorized files list, select the file.
  3. Click Remove.
  4. In the Known files list, select the file.
  5. Click Delete entry.