Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 5209 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Non detection.

karl12347

Hello

We have recieved a 350 attachements today which did not get picked up by sophos endpoint protection.

We tracked it down to these links.

http://myonlinesecurity.co.uk/cvd-insurance-documents-attached-lowri-duffield-brightsidegroup-co-uk-word-doc-or-excel-xls-spreadsheet-malware/

I submitted the sample  [#5241579] 

Which replied and said that it was a new detection.

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.

  • 3098_001.doc -- identity created/updated (New detection Troj/DocDl-QH)
  • 3098_001.doc.zip -- archive file

However I have found the below link which says that it was detected earlier in June.

https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DocDl-QH.aspx

My question is why wasnt this picked up by sophos?

Regards

Karl Forster

:57671


This thread was automatically locked due to age.
Parents
  • 0

    Hello Karl,

    [I'm a customer, not Sophos]

    why wasn't this picked up

    detections are not always perfect and fact is, it wasn't detected at this time. Normally if a detection is refined you get a response like:D735.tmp.000 => identity associated (Updated detection: Troj/Wonton-PF)Right above the complimentary close the response says Please do not hesitate in contacting us by replying to this email if you have any questions or concerns and this is what I'd do.
    Christian

    :57674
Reply
  • 0

    Hello Karl,

    [I'm a customer, not Sophos]

    why wasn't this picked up

    detections are not always perfect and fact is, it wasn't detected at this time. Normally if a detection is refined you get a response like:D735.tmp.000 => identity associated (Updated detection: Troj/Wonton-PF)Right above the complimentary close the response says Please do not hesitate in contacting us by replying to this email if you have any questions or concerns and this is what I'd do.
    Christian

    :57674
Children
No Data