Good Morning,
I have had a search on the forum, but I can't see any way to currently do this / this having been suggested already/
At the moment, when a file is detected against a certain rule (e.g. PUP.Optional.BundleInstaller) then you can remove it, ignore it once or ignore it always. There are use cases I have where I have an application that is detected as 'PUP.Optional.BundleInstaller'; which I want to keep - however if in a future update that application then started containing a non-PUP malware (due to a supply chain attach or similar) I would want that to be detected and/or removed. I also still want to detect PUP more widely; so I can't just ignore that detection type.
As such, would I like the functionality to do is for a file/registry entry/etc on the Allow List is have the ability to set it to allow any detection or only a sub-set. You could have a system-setting that controls the default behaviour when you ignore a file/etc (current detection / all), allow the user to choose each time or even default to adding the current detection only as the normal of cases where a file/etc will legitimately meet multiple detections over time is likely to be low.
Thanks,
Robert
