Mal/Generic-S alert on Sophos Enterprise Console

Hi there,

This is my first post :).

I would like to say hello to everyone, and thanks for any help in advance!

Anyway, I work in a school of around 700 computers. Slowly, 1 by 1, they are starting to show up in the Enterprise Console as having a Virus on them.

When I check, it is a Sophos update file (this seems to be much like the problem back in Sept 2012).

It is in the following location:

C:\System Volume Information\_restore{***random numbers/letters***}\RP310(***this changes as well***)\A0418322.exe (Again, the file name can change as well lol).

Anyway, I have looked at the file, and it is a Sophos file, presumably for the updates (quite new to Sophos, I used to use another product in my old job, only started here recently lol).

I was wondering what I can do to stop it being quarantined and showing up on the list? So far it has been quarantined on around 50 computers.

Is anyone else having the same problem?

I hope this all makes sense!!!

Looking forward to hearing some feedback :).

Phil

This thread was automatically locked due to age.
  • Hello Phil,

    right, the bunch around the suspicious item is definitely Sophos (SAV as far as I can see). The icon is definitely something else (and you won't see a Sophos file with a Modified date that old). 

    Did you have to turn off on-access checking to access the file or can you now access it "freely" (if you have Live Protection with sending samples enabled it might have been processed and classified in the meantime)? I suggest you pack it up and submit it to Support though to make sure about its nature.

    Christian
