Known Malware infects customer network

Hello friends, I went through a serious problem with a client and would like to understand why it happened and how to prevent this disorder.

Next:

One of our customers bought Sophos Endpoint Data Protection from us; it is protecting 120 workstations. Because of a network problem, the console went 13 days without updating the virus definitions. Then a known virus called W32/Chir-A, and another named W32/Chir-B, entered the customer's network and caused some inconvenience; it even took down the internet link, and several machines had this virus. After solving the problem with the console, it updated the virus definitions and the problem was resolved.

But I ask: are 13 days without definition updates enough to infect the entire network? Moreover, by a known virus that has existed for several years?

How can we prevent viruses not recognized by Sophos from creating major problems? Is it to isolate the virus in order to neutralize it?

Thank you all!

  • Hello ivanildogalvao.

    It doesn't look like the definitions for W32/Chir have been updated recently, so the missing updates shouldn't be directly related. Thus the clients, even if not up to date, should have been sufficiently protected with regard to the mentioned malware.

    I'm not sure I understand the exact sequence of events: How were these W32/Chir threats detected? Did they "get in" during the 13 days (with Sophos only detecting them when SEC was able to update again)? It might be necessary to examine the logs (if they still exist), so I suggest you contact Support.

    Christian

  • What happened was this:

    The customer bought 120 licenses for his company and Sophos was installed on the computers; so far so good. He forgot to remove the 30-day trial license from the console and the ultimate, then the trial license expired and the console stopped updating virus definitions, remaining obsolete for 13 days. Then this virus entered the network: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32-Chir-B.aspx

    Several machines were infected; Sophos failed to prevent this virus from creating some inconvenience, even though it is an ancient virus, discovered in 2002.

    So I do not understand: why did this virus cause problems if it is so old?

    Thanks!

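The failure mode described in this post (an expired trial licence silently halting definition updates for 13 days) is something a defender can check for on a schedule rather than discover after an outbreak. The following is an added example, not Sophos code and not anything posted in this thread: it flags endpoints whose definitions are older than a policy threshold, warns on licences that have expired or are about to, and, for a given detection, asks whether the update gap can even explain it (it cannot when the signature predates the endpoint's last successful update, which is the point Christian makes above). The endpoint names, dates, the threshold and the W32/Chir-B signature date are all constructed placeholders, not real values.

```python
"""Stale-definition and lapse-attribution check.

Added example, not Sophos code. All endpoint records and dates are constructed;
the W32/Chir-B signature date is a placeholder, not the real publication date
from the Sophos threat analysis page.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Policy threshold (assumed): flag any endpoint whose definitions are older than this.
MAX_DEFINITION_AGE_DAYS = 3


@dataclass(frozen=True)
class Endpoint:
    name: str
    last_definition_update: date  # last successful definition update on this host
    licence_expires: date         # licence (e.g. a trial) that feeds the console updates


@dataclass(frozen=True)
class Signature:
    name: str
    published: date  # date the detection first shipped in definitions


def definition_age_days(endpoint: Endpoint, today: date) -> int:
    """Days since the endpoint last received definitions."""
    return (today - endpoint.last_definition_update).days


def stale_endpoints(endpoints, today, max_age_days=MAX_DEFINITION_AGE_DAYS):
    """Endpoints whose definitions are older than the policy threshold."""
    return [e for e in endpoints if definition_age_days(e, today) > max_age_days]


def expiring_licences(endpoints, today, warn_days=14):
    """Endpoints whose licence has expired or expires within warn_days."""
    horizon = today + timedelta(days=warn_days)
    return [e for e in endpoints if e.licence_expires <= horizon]


def lapse_explains_detection(endpoint: Endpoint, signature: Signature) -> bool:
    """True only if the endpoint's definitions predate the signature.

    In that case the update gap could explain why the threat was not blocked.
    If the signature is older than the last successful update, the endpoint
    already had the detection and the lapse is not the explanation.
    """
    return endpoint.last_definition_update < signature.published


# --- constructed sample data (not from the thread) ---
TODAY = date(2012, 1, 20)
ENDPOINTS = [
    Endpoint("ws-01", date(2012, 1, 7), date(2012, 1, 6)),   # 13 days stale, trial expired
    Endpoint("ws-02", date(2012, 1, 7), date(2012, 1, 6)),   # same console, same gap
    Endpoint("ws-03", date(2012, 1, 19), date(2013, 1, 1)),  # updating normally
]
# Placeholder date for illustration only; a 2002-era detection long predates the gap.
CHIR_B = Signature("W32/Chir-B", date(2002, 8, 1))


def report(endpoints=ENDPOINTS, signature=CHIR_B, today=TODAY) -> dict:
    """Summarise stale hosts, licence alerts, and whether the lapse explains the detection."""
    stale = stale_endpoints(endpoints, today)
    return {
        "stale": [e.name for e in stale],
        "licence_alerts": [e.name for e in expiring_licences(endpoints, today)],
        "lapse_explains": {e.name: lapse_explains_detection(e, signature) for e in stale},
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

Run as a script it prints the three findings; in practice the endpoint records would come from the management console's export rather than the inline list, and the licence check is what would have caught the expired trial before the 13-day gap opened.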
  • Hello ivanildogalvao,

    I agree, as said, that the missed updates don't explain the W32/Chir outbreak. You probably no longer have a sample of this threat, but perhaps at least some of the logs, so please contact Support directly as there might still be some useful evidence.

    Christian
