Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 6 subscribers
  • Views 9653 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantined file disappeared from the manager

doxsys
I'm running a scan on my entire hard drive using the Mac OS free edition. I had a warning pop up that a file was infected and quarantined. I opened the quarantine manager per instructions, which had one file in it. I highlighted the file, and when I clicked on the 'more details' button, the file disappeared. The scan is set to just log bad files (rather than move them or clean them up), so this is a bit disconcerting. The only thing I noticed about it was that it was called Info.plist. Any thoughts on whether this is something to worry about?
:1006353


This thread was automatically locked due to age.
Parents
  • 0

    Anyway, more to original topic of this thread is the fact that these threats are staying in the window, not vanishing, allowing me to see their location and decide how to handle them. Not sure what, if anything has changed, perhaps the files that vanished before were suspicious but weren't able to be identified as a known threat, so they were logged then rermoved from the window? 

    I'm not sure what changed either, but that original behaviour was definitely non-standard.  Unfortunately the product isn't  yet smart enough to remove files if they don't reach a certain suspicion threshold -- currently anything suspicious under OS 8 will be logged silently (if the option's enabled) but will not show up in the QM.  This way, us analysts can write active detection for the file, but you don't get stuck with a bunch of false detections.

    So the glitch is still a mystery....

    Good to hear that everything is working as designed now, though.

    :1006797
Reply
  • 0

    Anyway, more to original topic of this thread is the fact that these threats are staying in the window, not vanishing, allowing me to see their location and decide how to handle them. Not sure what, if anything has changed, perhaps the files that vanished before were suspicious but weren't able to be identified as a known threat, so they were logged then rermoved from the window? 

    I'm not sure what changed either, but that original behaviour was definitely non-standard.  Unfortunately the product isn't  yet smart enough to remove files if they don't reach a certain suspicion threshold -- currently anything suspicious under OS 8 will be logged silently (if the option's enabled) but will not show up in the QM.  This way, us analysts can write active detection for the file, but you don't get stuck with a bunch of false detections.

    So the glitch is still a mystery....

    Good to hear that everything is working as designed now, though.

    :1006797
Children
No Data