
Why 10 threat cases have been created for single malware in e-mail attachment

Hi all,

I have noticed that sometimes 10 threat cases are created for a single malware in an e-mail attachment.

One user has received an e-mail which contains a Trojan in the attachment. It is blocked by Sophos and a Threat Case is created.

However, it seems that every 3 minutes a new Threat Case is created for the same file. We have multiple cases like this and it seems it creates 10 threat cases per malware.

I don't know whether it is related to the Microsoft Outlook refresh interval, but it creates a lot of duplicate Threat Cases.

How is a Threat Case created, and why do we have 10 threat cases for a single e-mail?

Thank you in advance,

Nikola Djurdjevic



This thread was automatically locked due to age.
  • Hello  

    Please go through the article below for reference on Threat Cases:

    Sophos Central: Threat Cases overview

    Also the screenshots are a bit too small to see detail. Are these threat instances for a single device?

  • Hi DianneY,

    thank you for your feedback. I will check the reference you gave me.

    The first 10 are for one device while the other 10 are for another device. What is common to both is that they have received an e-mail with malware in the attachment. So, two users on two different machines receive two different e-mails with two different pieces of malware. For each mail, 10 threat cases have been created. If I go through each, I see that they point to the same file. The interesting thing is that each case is created in a timespan of 3 minutes. It is not possible that the user has opened the same file 10 times in each 3 minutes.

    Sorry for the picture sizes. I have made screenshots (big pictures) but somehow they are small in this question editor.

    Kind regards,

    Nikola
