Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 6 subscribers
  • Views 34264 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Detected Thread disappears

bawe

OS X Yosemite 10.10.2

Detected Thread Mal/RtfExe-A: Indicated by Sophos each 10 minutes on desktop, after clicking on "Quarantine Manager" it appears listed in. But by clicking for further measures the indication of the thread always disappears.

What's wrong here?

:1020162


This thread was automatically locked due to age.
Parents
  • 0

    I have seen this "behavior" twice today on a new "Scan This Mac" on a a MacBookPro with a freshly installed Sophos-AntiVirus today.

    The MacBookPro is running Mavericks 10.9.5 with all update current.

    In one case the Malware was Mal/CryptBox-A. In this case, clicking on the "Reveal in Finder" button did not show any Path and filename" nor any information at all. The only additional information was that it said "Action Available: Restart Required". After restart, opening the Quarantine Manager showed the malware but after unlocking and clicking fon the Reveal in Finder, the file disappeared from the Quarantine Management. There is nothing in the logs about the file.

    This happened a second time after the scan found another file. I did not catch the name. I clicked on "Reveal in Finder" and the Malware referenced disappeared from the Quarantine Manager.

    It is easy to believe that perhaps an inexperienced user click on "Clean Up Threat" or "Clear From List". This is most definitely not the case. There is either a bug in the Quarantine Manager or perhaps the Malware is detecting Sophos and disappearing? Is that possible?

    Todays experience is not the first time I have seen this behavior - things disappearing from the Quarantine Manager - but today it is pretty clear that I carefully watched and the description that people are giving is correct.

    :1020332
Reply
  • 0

    I have seen this "behavior" twice today on a new "Scan This Mac" on a a MacBookPro with a freshly installed Sophos-AntiVirus today.

    The MacBookPro is running Mavericks 10.9.5 with all update current.

    In one case the Malware was Mal/CryptBox-A. In this case, clicking on the "Reveal in Finder" button did not show any Path and filename" nor any information at all. The only additional information was that it said "Action Available: Restart Required". After restart, opening the Quarantine Manager showed the malware but after unlocking and clicking fon the Reveal in Finder, the file disappeared from the Quarantine Management. There is nothing in the logs about the file.

    This happened a second time after the scan found another file. I did not catch the name. I clicked on "Reveal in Finder" and the Malware referenced disappeared from the Quarantine Manager.

    It is easy to believe that perhaps an inexperienced user click on "Clean Up Threat" or "Clear From List". This is most definitely not the case. There is either a bug in the Quarantine Manager or perhaps the Malware is detecting Sophos and disappearing? Is that possible?

    Todays experience is not the first time I have seen this behavior - things disappearing from the Quarantine Manager - but today it is pretty clear that I carefully watched and the description that people are giving is correct.

    :1020332
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?