Quarantined file disappeared from the manager

I'm running a scan on my entire hard drive using the Mac OS free edition. I had a warning pop up that a file was infected and quarantined. I opened the quarantine manager per instructions, which had one file in it. I highlighted the file, and when I clicked on the 'more details' button, the file disappeared. The scan is set to just log bad files (rather than move them or clean them up), so this is a bit disconcerting. The only thing I noticed about it was that it was called Info.plist. Any thoughts on whether this is something to worry about?


  • I was going to start a new discussion, but for some reason the New Message button is not active for me now in either Safari or Firefox.


    I just found something odd: I noticed Sophos had run, and when I clicked on it in the Dock, the QM opened. There were 4 files listed and 3 quickly vanished, while 1 remained, identified as Mal/ObfJS-B. When I clicked the name, the corresponding Sophos page opened in Safari, and on that page I found the submission link.


    The path for the threat was in the Firefox cache, and I decided to copy it to a new Quarantine folder so I'd have a sample - I didn't want to move or delete this file before I checked it out more. But when I try to copy it, I get an error message every time: The operation couldn’t be completed. (OSStatus error -128).

    This is happening in Path Finder, which I use instead of Finder whenever possible. The name of this file is B9031d01, and has no extension but is listed as a document.

    I was unable to open it with TextEdit - says I don't have permissions, even though the owner and group are the usual document permissions.


    Anyway, the preview pane in Path Finder only shows a blank page for this file, I can't see any text or get any insight as to what's in it.
    When I scan this file in Path Finder, a threat is shown every time.
    So I checked this file in Finder and it got interesting:
    In Finder, it shows up a tiny little image from some website I've visited. When I scan this file in Finder, there is no threat shown.

    I can open this image in Preview.


    Now I'm wondering if there's some sort of conflict between Sophos and Path Finder, that doesn't allow proper scanning or misidentifies files as threats.
    I recovered the 2 gifs from Time Machine that Sophos had previously identified as threats, and when I scan them now, Sophos does not identify them as threats, either in Finder or Path Finder.

    The image that is being identified as a threat in the Firefox cache is the IconsPedia logo at the very top left of this page Iconspedia.

    Sophos keeps alerting on this every time it runs. I downloaded the logo and scanned it, and no threats are found (as expected).

    Why does Sophos think it's a threat in the FF cache in Path Finder, but not in a different folder in Path Finder and not in Finder?

    I tried to include screenshots, but they aren't showing up - something wrong with this forum. I tried 3 image hosting sites, but nothing shows up when I use the Insert/edit Image button.
