
Sophos Non detection.

Hello

We have received 350 attachments today which did not get picked up by Sophos Endpoint Protection.

We tracked it down to these links.

http://myonlinesecurity.co.uk/cvd-insurance-documents-attached-lowri-duffield-brightsidegroup-co-uk-word-doc-or-excel-xls-spreadsheet-malware/

I submitted the sample [#5241579]

Which replied and said that it was a new detection.

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.

  • 3098_001.doc -- identity created/updated (New detection Troj/DocDl-QH)
  • 3098_001.doc.zip -- archive file

However I have found the below link which says that it was detected earlier in June.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DocDl-QH.aspx

My question is: why wasn't this picked up by Sophos?

Regards

Karl Forster

  • Hello Karl,

    [I'm a customer, not Sophos]

    why wasn't this picked up

    detections are not always perfect and fact is, it wasn't detected at this time. Normally if a detection is refined you get a response like:

    D735.tmp.000 => identity associated (Updated detection: Troj/Wonton-PF)

    Right above the complimentary close the response says "Please do not hesitate in contacting us by replying to this email if you have any questions or concerns" and this is what I'd do.

    Christian
