Threat Analysis Centre - Threat searches. Does it work?

Hi Simeon,

It certainly does work, there are just a few things to consider:

it will find files with uncertain or bad reputation

You have given enough time for the file to have been scanned and details sent to the platform

See more here: https://community.sophos.com/kb/en-us/133017

You can grab a tool to test the feature here: https://community.sophos.com/products/intercept/early-access-preview/b/blog/posts/fakedrop---a-quick-and-dirty-testing-and-demo-tool-for-edr

Regards,

Stephen

Thanks Stephen. I think I've therefore misunderstood the statement "Search for potential threats on your devices. You can search for file names, SHA-256 file hashes, IP addresses, domains or command lines." Are you saying that I can only search for hashes which Sophos has already identified has having an uncertain or bad reputation? I can't create a file hash of any file and search for that across my devices?

Thanks

SImeon

Not quite, probably best to think of it the other way round, if Sophos hasn't identified it as good. 

So, if you download a well known file, that Sophos has identified as good, it will not appear in your search. But lots of less prevalent files will; such as those used in the test tool i linked to. 

Regards,

Stephen