Advisory: Changes to the PUA and Application Control data sets

  • Article ID: 114059
  • Rating:
  • 1 customers rated this article 3.0 out of 6
  • Updated: 02 Sep 2011

Sophos is currently in the process of moving applications from our list of Potentially Unwanted Applications (PUAs) to the Application Control list. The decision to move these applications is considered on a case by case basis. Please note that these changes will not affect malware detection.

What changes are being made?
At the end of August 2011, Sophos will move PWDump, John the Ripper and L0phtCrack from our PUA list to our Application Control list. They will be located under the “Password / licence recovery tool” category.

If you have PUA detection enabled and you wish to maintain the same level of protection against these applications, Sophos recommends that you block them from running unless you have a case to allow them to run.

If you want to consider other applications to block at the same time, a full categorised list can be found here:
http://www.sophos.com/en-us/threat-center/threat-analyses/controlled-applications.aspx

Background
Application Control provides a high level of granularity to allow, block, or monitor applications on your network. Sophos constantly expands the number of applications which are detected. We strive to add the most common applications on a monthly basis and also fulfil direct requests from our customers.

Where a requested application is seen to have a legitimate purpose but may have a reason to be controlled, we will add detection for it within our maintained list of applications. Likewise, we will consider requests to move application identities from our existing list of Potentially Unwanted Applications (PUAs) to our Application Control list when they also meet these criteria.

We pre-notify customers of any changes and additions through the following page on the SophosTalk forum: http://community.sophos.com/t5/Sophos-Endpoint-Protection/Monthly-additions-to-Application-Control/td-p/1128.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments