An end-user was e-mailed the location to an HTA file via UNC path (\\servername\fileshare\file.HTA). When the end-user double-clicked on the link in Outlook the Hitman.Pro service prevented the action and shut down Outlook.exe and logged an alert.
When the same UNC link is sent via Skype for Business in a chat window, the end-user can click on the UNC link and Sophos will not detect it as malicious behavior.
This seems to me like inconsistent behavior. If that's not the case, I'd be open as to the 'why'.
~Pete
This thread was automatically locked due to age.
