Fake AV Malware Not Stopped

Why doesn't Sophos stop Malware, especially Fake AV malware, like it does viruses? We have a corporate license and all machines are up-to-date with Sophos AV but more & more we spend too much time removing malware & tracking down other changes that were made by the malware that have disabled programs.

This thread was automatically locked due to age.
Hi,

Sophos most certainly should be stopping the malware. Malware is just a general, all-encompassing term for malicious software, which Sophos aims to fully control. I can only suggest that anything you find that Sophos is not detecting and you feel is malware, you send as a sample submission to Sophos Labs.

As you're clearing it up and are aware of it, what is detecting it: Sophos, or are you using another piece of security software as well? Is it that Sophos is detecting it once it's too late and the machine is already infected? In which case it may be that the configuration needs to be changed.

Are you able to list the version of Sophos you are using? Do you use the latest package or a fixed package?

Do you have HIPS and BOPS enabled?

Sophos BHO enabled?

How frequently do you update from Sophos, i.e. what is the schedule of SUM/EMLibrary updating from Sophos, and then the schedule of the clients updating from the distribution share? This should determine the worst-case latency.

Do you enforce any device control or application control policies to reduce the likelihood of malware being introduced? How about a web and email appliance? It is advisable to layer security measures and policies where possible (or to the extent that budget permits, I guess) to reduce the chance of infection.

To put a relevant football spin on it: to rely solely on AV at the client is like just fielding a goalkeeper. :)

Thanks,

Jak
