Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 6 subscribers
  • Views 3328 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does "Move threat to Folder" -- not actually work?

stevemaser

So, my On-Access Scanning preferences (with Sophos 8.0.10) are set to:

When a threat is found:  Deny access and move threat

Move threat to folder:  <various folder locations tested>

If I download eicar.com from:  

http://www.eicar.org/85-0-Download.html

The file is downloaded.   Sophos flags this in the Qurantine Manger.

But the file is still in it's default downloaded location (which I've tried various locations as well...)

Am I missing what *should* be happening with the "move threat" option with malware downloaded with a web browser?   Or is this something that is not actually working?

:1011374


This thread was automatically locked due to age.
Parents
  • 0

    Actually, I don't know if we have a use case for the move action -- other than there were instances where we might want to keep malware for future examination/testing.  

    I think the case (when we originally set this up) was more along those lines -- just shunt the file out of the way for now and have the local system administrator come look at what it was to see if they need to do a deep-dive cleanup of whatever the malware was.

    It may not be something that the average user would want to have the option to do.

    :1011432
Reply
  • 0

    Actually, I don't know if we have a use case for the move action -- other than there were instances where we might want to keep malware for future examination/testing.  

    I think the case (when we originally set this up) was more along those lines -- just shunt the file out of the way for now and have the local system administrator come look at what it was to see if they need to do a deep-dive cleanup of whatever the malware was.

    It may not be something that the average user would want to have the option to do.

    :1011432
Children
No Data