Mal/Generic-S alert on Sophos Enterprise Console

Hi there,

This is my first post :).

I would like to say hello to everyone, and thanks for any help in advance!

Anyway, I work in a school of around 700 computers. Slowly, 1 by 1, they are starting to show up in the Enterprise Console as having a Virus on them.

When I check, it is a Sophos update file (this seems to be much like the problem back in Sept 2012).

It is in the following location:

C:\System Volume Information\_restore{***random numbers/letters***}\RP310(***this changes as well***)\A0418322.exe (Again, the file name can change as well lol).

Anyway, I have looked at the file, and it is a Sophos file, presumably for the updates (quite new to Sophos, I used to use another product in my old job, only started here recently lol).

I was wondering what I can do to stop it being quarantined and showing up on the list? So far it has been quarantined on around 50 computers.

Is anyone else having the same problem?

I hope this all makes sense!!!

Looking forward to hearing some feedback :).

Phil

  • Hello and welcome, Phil

    that it (whatever it is) is found in a restore point usually indicates that there was a preceding detection in some regular location which has been dealt with. Thus you should search the computer details or the Anti-Virus logs (SAV.txt) on the client for Mal/Generic-S, which should tell you what and where the original file has been. Short explanation (for details please see System Restore on Wikipedia): A potential threat has been removed and Windows, upon detecting the file was gone, attempted to restore it; the attempt was intercepted, the detection triggered and the restore blocked. (BTW: Mal/Generic-S uses Live Protection if enabled; the results - including the subsequent action - depend also on the circumstances of the detection.)

    it is a Sophos update file

    Why do you think it is a Sophos update file? Do you have the details (name, version ...)?

    BTW: RP310 is an arbitrary name as well ;)

    So, the important step is to identify the original detection. Only with this information does it make sense to suggest further steps.

    Christian
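
Added example (not part of the original thread and not Sophos code): one way to do the log search suggested above, separating restore-point copies from the earlier detection in a regular location. The log line layout, the sample lines and the function names are assumptions made for illustration; adjust the pattern to what your SAV.txt actually contains.

```python
import re

# Assumed line layout (an assumption, check it against your own SAV.txt):
#   YYYYMMDD HHMMSS File "<path>" belongs to virus/spyware '<name>'.
DETECTION = re.compile(
    r'^(?P<date>\d{8}) (?P<time>\d{6})\s+File "(?P<path>[^"]+)" '
    r"belongs to virus/spyware '(?P<name>[^']+)'"
)
# System Restore keeps its copies under this folder (path as quoted in the thread).
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{", re.I)

# Constructed sample lines, not taken from a real machine.
SAMPLE_LOG = r"""
20130110 081502 Some other log entry that is not a detection.
20130110 093011 File "C:\Example\Tools\helper.exe" belongs to virus/spyware 'Mal/Generic-S'.
20130111 140733 File "C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP310\A0418322.exe" belongs to virus/spyware 'Mal/Generic-S'.
20130112 101544 File "C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP311\A0418400.exe" belongs to virus/spyware 'Mal/Generic-S'.
"""

def triage(log_text, threat="Mal/Generic-S"):
    """Split detections of `threat` into restore-point copies and other locations."""
    hits = {"original": [], "restore_point": []}
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m or m["name"].lower() != threat.lower():
            continue  # not a detection line, or a different detection name
        kind = "restore_point" if RESTORE_POINT.search(m["path"]) else "original"
        hits[kind].append((m["date"] + m["time"], m["path"]))
    for entries in hits.values():
        entries.sort()  # timestamps sort chronologically as strings
    return hits

def first_original(log_text, threat="Mal/Generic-S"):
    """Earliest detection outside a restore point, or None if the log has none."""
    originals = triage(log_text, threat)["original"]
    return originals[0] if originals else None

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("candidate original:", first_original(SAMPLE_LOG))
    print("restore-point copies:", len(result["restore_point"]))
```

A `None` result means the log holds only restore-point hits, so the earlier detection has to be looked up elsewhere, for example in the computer details in the console.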
