Sophos PUA Manual
What’s A PUA?
A PUA is a Potentially Unwanted Application. The key word here is potentially. In some cases, it may
be adware or hacking tools installed on your computer. In other cases, it may be something you installed
and want to use on your computer (Weatherbug is an example).
Scanning for PUAs
If you’ve downloaded and installed the Sophos package from Technology Services’ public web site, your
version of SophosAV will automatically scan for PUAs. We’ve set up the program to do these scans in
the background on Wednesday, Friday and Sunday at noon and 6 pm. These scans will only occur if
your computer is turned on.
Once a scan is completed, it will populate your quarantine with the names of the PUAs it finds on your
computer. Unlike viruses and spyware, PUAs in your quarantine list will not stop running unless you
remove them. If you’re not worried that any of these programs might cause problems, you don’t need to
do anything. You just need to know they will be listed in your quarantine list. However, if you are
worried that one of these programs might do something bad, you can remove it from your computer using
your Sophos interface.
If you do choose to pay attention to PUAs, once you allow a PUA, Sophos won’t mark it on subsequent
scans. Subsequent scans will only catch and mark new PUAs it finds.
To check now for PUAs, scan your computer. It will start as soon as you click on Scan My Computer.
This may take a few minutes.
Working in Quarantine Manager
To see if Sophos has found any PUAs, open Sophos (right-click on the blue shield on your system tray
and choose Open). Then click on Manage Quarantine Items. You’ve opened up the Quarantine Manager.
Click on the Applications Tab to open up the PUA list. You’ll see a list of PUAs your computer found
during the scan. Here is where you can decide if you want to remove any of the PUAs.
Learning About PUAs
How do you decide if you want to remove a program? Well, it depends… if you recognize a program, you
probably want to keep it. If you don’t recognize it, or you installed the program but now you’re worried
because it showed up on the PUA list, you can double-click on the name of the program. This will bring
up a web site from Sophos with information about the program to help you decide.
Clicking on the tabs brings up different information. If you decide you want to remove the
application, there are instructions for removal on the Recovery tab.
You may also be able to remove the application from the Sophos Quarantine Manager.
How to Remove a PUA
Click on the box next to the item. If you see the Cleanup button enabled, you can clean the PUA from
the computer. Click on Cleanup. This message will come up:
Click on Yes to All.
Then the removal process will continue:
And POOF, it’s gone! Click Close.
Allowing PUAs in Quarantine Manager
Okay, so what if you want to allow a PUA? That’s easy too. From that same window, click on the box
next to the name of the application you want to allow, and click on Authorize. That’s it! You’ve
allowed that application to run.
How to Manage PUAs
So what if you want to see what PUAs your computer has found, and which ones you have allowed to
run? That’s easy too.
Click Configure Sophos Anti-Virus
Click Authorized Application List
You will see a list of applications. Those on the left have been found by Sophos, and those on the
right are found applications that you have authorized.
You can manage your allowed applications from this window. To allow an application, select the
application from the Known Applications list. The Add button will become available. Click on the Add
button and the application will move over to your Authorized application list. Then click OK. That’s
all you have to do. Unless there’s a change in the program, it shouldn’t show up in your Quarantine
list again.
Anything you leave in your Known applications list will continue to run unless you remove it. It will
not hurt anything if you leave it in this list while you decide what to do, but know that if you think
it is something you don’t want, you will need to follow the instructions above to remove it.
Disallow an application by doing the reverse: Click on an application on the Authorized application
list, then click Remove to put it on the Known applications list. After a scheduled scan or manual
scan, the application will appear in Quarantine Manager again. There you can remove it from the
computer if you wish.
How to Block PUAs
You can set Sophos up to completely block PUAs from running, unless they’ve been authorized on the
Authorized application list (as in the above section).
Disclaimer: This is not something you should do unless you know that you won’t want to run any
PUAs in the future. Blocking PUAs may mean that programs you may want to run will be
prevented from loading, downloading or running and may have other implications.
To set Sophos to block all (non-authorized) PUAs, open Sophos and
click on On-access scanning. On the Scanning tab, click on Scan
for potentially unwanted application, and then click OK. Now you
can close Sophos. This blocks all PUAs unless they are specifically
allowed (see How to Manage PUAs above).
Installing an Application when PUAs are Blocked
If you have PUAs blocked and you attempt to download an application, Sophos
will give you an alert and block the download.
If you want to allow an application to load, you’ll need to first unblock the
installer package, and then, once you attempt to install the application, you’ll need
to repeat the steps to allow the application to run.
When you get an alert like the one on the left, close the alert (click on the red “x” box on the top
right). Then open Sophos and click on Items in Quarantine. Make sure you’re on the Applications tab.
In this example, we’re attempting to install Weatherbug, so click on the box next to Weatherbug
Installer and then click on Authorize at the bottom. Now you’ll have to go back and re-download the
application.
This step authorizes the installer. It does not authorize the application itself.
Once the installer is downloaded, when you attempt to install the application,
you’ll get another alert. Now you have to repeat the above steps again to allow
the application to run. Close the alert and open Sophos, click on Items in Quarantine, make sure
you’re on the Applications tab, and click on the box next to the item you’re attempting to install,
then click on Authorize.
If the installer was downloaded onto your desktop (or into a folder), you can now re-install the
application. If you were installing live, you may need to go back to the application’s website and
re-download the application in order to install it. If you get another alert, you may need to repeat
this process again to complete the install (you’ll need to do this each time you get an alert).
You can manage applications installed in this manner by following the instructions in the How to
Manage PUAs section above.
The VCU default configuration provides a scan for PUAs. To learn how to create such a scan, see the
handout at www.ts.vcu.edu/security/Set_up_a_scan.pdf
If you have any questions about PUAs or Sophos, you can ask the Help Desk.
Phone (804) 828-3018, e-mail [email protected], or visit www.ts.vcu.edu/helpdesk.