Understanding Generic PUA Detections

  • Article ID: 116232
  • Rating:
  • 85 customers rated this article 2.6 out of 6
  • Updated: 04 Sep 2015

This article explains Generic Potentially Unwanted Application (PUA's) detections.

Applies to the following Sophos product(s) and version(s)
Sophos Endpoint Security and Control

Generic PUA detections provide users of LiveProtection with timely detection of new and updated Potentially Unwanted Applications. Detections can be cleaned, authorized, or sent to the lab to have a named detection added.  

What is a Potentially Unwated Application (PUA)?

Overview of PUA.

The threat name takes the form Generic PUA - xy where xy is a two letter code, e.g. AB. This two-letter code following Generic PUA in the threat name remains constant for a given file, but will usually be different for two different files, even if they are versions of the same PUA. 

These detections can be authorized. However, when specific, named detection is released, the application may need to be authorized again. To avoid any confusion we recommend de-authorizing the Generic PUA detection after the specific, named detection is released.

If you are uncertain about the nature of something detected as Generic PUA, or if specific, named detection is desired for authorization purposes, please submit a sample. Consideration will also be given to requests for reclassification of PUA detections under Application Control.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent