CIS blocking app as PUP that has been excluded

I have added an application to the exclusion list for the AV, it still gets blocked as a PUP. How can I fix this?

Can you check the D+ logs to see if the Sandbox is involved here?

I have disabled everything except the AV itself.

There is a log of the detection, it is in the Antivirus events. It shows action = detect and status = success. There is no defense + log entry.

Where is the application that is getting detected located? Do you have “detect potentially unwanted applications” set in file rating settings? And is the app in question have a rating in the file list as malicious? Is the alert from the AV or does it come up as a cloud scanner alert?

That is the trick. I added it as a trusted app in the file rating section, and it is no longer getting blocked. So, I have to have two exclusions listed. One for the AV detection and one for the file rating.