Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 12374 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Mal/Generic-S alert on Sophos Enterprise Console

Phil3163

Hi there,

This is my first post :).

I would like to say hello to everyone, and thanks for any help in advance!

Anyway, I work in a school of around 700 computers. Slowly, 1 by 1, they are starting to show up in the Enterprise Console as having a Virus on them.

When I check, it is a Sophos update file (this seems to be much like the problem back in Sept 2012).

It is in the following location:

C:\System Volume Information\_restore{***random numbers/letters***}\RP310(***this changes as well***)\A0418322.exe (Again, the file name can change as well lol).

Anyway, I have looked at the file, and it is a Sophos file, presumably for the updates (quite new to Sophos, I used to use another product in my old job, only started here recently lol).

I was wondering what I can do to stop it being quarentined and showing up on the list? So far it has been qurentined on around 50 computers.

Is anyone else having the same problem?

I hope this all makes sense!!!

Looking forward to hearing some feedback :).

Phil

:36359


This thread was automatically locked due to age.
Parents
  • 0

    HI Christian,

    Thanks for your reply.

    Yeah, I understand the logic of it being in a restore point, but it doesn't make sense to suddenly show up today, and never before?

    I have recently installed Windows Updates, and I'm pretty sure the computers create a restore point when they install, but I can't see that being the reason....but still, I could be wrong.

    As to thinking it's a Sophos file; that's because I see it has the same naming system as other Sophos files (See picture).

    BUT, on looking it it's properties for about the 10th time, it finally came up with an icon for the file, that wierd "7" which you can see in the picture. This makes me believe that maybe it isn't actually a Sophos file, but a genuine virus which has managed to get in, but luckily is being blocked.

    Let me now what you think :)

    The picture is on a test virtual machine which can access the domain. It is running XP SP3. Half of the school is XP SP3, the other is W7 SP1.

    :36363
Reply
  • 0

    HI Christian,

    Thanks for your reply.

    Yeah, I understand the logic of it being in a restore point, but it doesn't make sense to suddenly show up today, and never before?

    I have recently installed Windows Updates, and I'm pretty sure the computers create a restore point when they install, but I can't see that being the reason....but still, I could be wrong.

    As to thinking it's a Sophos file; that's because I see it has the same naming system as other Sophos files (See picture).

    BUT, on looking it it's properties for about the 10th time, it finally came up with an icon for the file, that wierd "7" which you can see in the picture. This makes me believe that maybe it isn't actually a Sophos file, but a genuine virus which has managed to get in, but luckily is being blocked.

    Let me now what you think :)

    The picture is on a test virtual machine which can access the domain. It is running XP SP3. Half of the school is XP SP3, the other is W7 SP1.

    :36363
Children
No Data