You can deactivate a sandfly if you never want it run. This may be something you want to do if it is causing a false alarm in your environment and whitelisting the alert is not helping.
Deactivating vs. Whitelisting
Deactivating a sandfly in the master list disables that check for all systems. If you have a false alarm only on one or a few hosts, you should consider whitelisting the alert instead. Whitelisting will mean that sandfly list is not run only on the selected host(s) and not globally.
We have worked very hard to ensure false alarms do not happen, but if you have an unusual environment or configuration it is possible a Sandfly may deem it suspicious and alert. If this happens, you can try deactivating it by clicking on the check box to the right of it.
In the example below we have selected a sandfly by clicking on the box to activate the checkbox. Another click to de-select it will make it inactive.
Again, deactivating the sandfly here shuts it off for all systems. If this is not what you want, consider whitelisting the sandfly if it is only activating as a false alarm on a few systems.
Updated 2 months ago