Inconsistent action of Hitman.Pro when opening an HTA extension in different applications.

An end-user was e-mailed the location to an HTA file via UNC path (\\servername\fileshare\file.HTA). When the end-user double-clicked on the link in Outlook the Hitman.Pro service prevented the action and shut down Outlook.exe and logged an alert.

When the same UNC link is sent via Skype for Business in a chat window, the end-user can click on the UNC link and Sophos will not detect it as malicious behavior.

This seems to me like inconsistent behavior. If that's not the case, I'd be open as to the 'why'.

~Pete



  • I'd like to also note that I believe the Sophos action is valid and as expected. My concern is that Sophos isn't consistent in regards to how it reacts when the HTA file is accessed between different Windows applications (Outlook vs. Skype for Business or other untested collaboration applications).

    Cheers,

    ~Pete
