
Mal/Generic-S alert on Sophos Enterprise Console

Hi there,

This is my first post :).

I would like to say hello to everyone, and thanks for any help in advance!

Anyway, I work in a school of around 700 computers. Slowly, one by one, they are starting to show up in the Enterprise Console as having a virus on them.

When I check, it is a Sophos update file (this seems to be much like the problem back in Sept 2012).

It is in the following location:

C:\System Volume Information\_restore{***random numbers/letters***}\RP310(***this changes as well***)\A0418322.exe (Again, the file name can change as well lol).

Anyway, I have looked at the file, and it is a Sophos file, presumably for the updates (quite new to Sophos, I used to use another product in my old job, only started here recently lol).

I was wondering what I can do to stop it being quarantined and showing up on the list? So far it has been quarantined on around 50 computers.

Is anyone else having the same problem?

I hope this all makes sense!!!

Looking forward to hearing some feedback :).

Phil



  • Hello Phil,

    the file in question does not exist (I looked on both a machine which has been "infected" and one which has not).

    I can imagine the following: an updated detection identity (IDE) caused the file to be identified as very likely malicious on all (or many) machines and subsequently removed (in my experience Mal/Generic-S could sometimes "misjudge" and subsequently clean, i.e. most of the time delete, legitimate but uncommon files). Not much later (perhaps with the help of Live Protection, perhaps due to samples sent) the files were vindicated. For those clients which had accessed the RP in the meantime you got the additional detection; for the others you did not.

    Christian   

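The triage a practitioner would want before acting on Christian's explanation: check whether the flagged copy still exists on a client, whether its path really is a System Restore copy (the `_restore{GUID}\RPnnn\A0nnnnnn.exe` shape Phil describes), and whether it carries a valid Sophos Authenticode signature or matches a known-good copy of the same binary, rather than taking "it looks like a Sophos file" on trust. The script below is an added example, not code from the thread or from Sophos. It assumes an elevated PowerShell session on the affected client, that the System Volume Information folder is readable (it is normally ACL'd to SYSTEM, so running under `psexec -s` or granting access first is assumed), and that `$KnownGoodPath` is a placeholder for a copy of the same Sophos binary taken from your update location; the regular expression for the restore-point path is mine, based on the path in Phil's post.

```powershell
# Added example (not from the thread or from Sophos): triage a file a scan has
# flagged inside a System Volume Information restore point.
# Assumptions: elevated session on the client; the restore point folder is
# readable (psexec -s or an explicit ACL grant, which this script does not do);
# $KnownGoodPath is a placeholder for a copy of the same Sophos binary.

function Get-RestorePointInfo {
    # Pull the RP number and the renamed copy (A0nnnnnn.ext) out of the path.
    # The {GUID} and RPnnn parts differ per machine, which is why the same
    # detection looks like a different file on every client.
    param([Parameter(Mandatory = $true)][string]$Path)

    $pattern = 'System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\(A\d+\.[^\\]+)$'
    $m = [regex]::Match($Path, $pattern, 'IgnoreCase')
    if (-not $m.Success) { return $null }
    New-Object PSObject -Property @{
        RestorePoint = [int]$m.Groups[1].Value
        CopyName     = $m.Groups[2].Value
    }
}

function Get-FileSha256 {
    # .NET hashing so this also works on PowerShell 2.0 (no Get-FileHash on XP-era clients).
    param([Parameter(Mandatory = $true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close(); $sha.Clear() }
}

function Test-FlaggedRestorePointFile {
    param(
        [Parameter(Mandatory = $true)][string]$FlaggedPath,
        [string]$KnownGoodPath   # optional: copy of the Sophos file from the update location
    )

    $info = Get-RestorePointInfo -Path $FlaggedPath
    $rp   = $null
    if ($info -ne $null) { $rp = $info.RestorePoint }

    $out = New-Object PSObject -Property @{
        Path             = $FlaggedPath
        IsRestorePoint   = ($info -ne $null)
        RestorePoint     = $rp
        Exists           = (Test-Path -LiteralPath $FlaggedPath)
        Sha256           = $null
        SignatureStatus  = $null
        Signer           = $null
        MatchesKnownGood = $null
    }

    # As Christian observed, the copy may already have been cleaned; report that
    # rather than erroring, so the caller can look on another client instead.
    if (-not $out.Exists) { return $out }

    $out.Sha256 = Get-FileSha256 -Path $FlaggedPath

    # Authenticode check: Status is Valid / NotSigned / HashMismatch / NotTrusted / ...
    $sig = Get-AuthenticodeSignature -FilePath $FlaggedPath
    $out.SignatureStatus = $sig.Status.ToString()
    if ($sig.SignerCertificate -ne $null) { $out.Signer = $sig.SignerCertificate.Subject }

    if ($KnownGoodPath -and (Test-Path -LiteralPath $KnownGoodPath)) {
        $out.MatchesKnownGood = ($out.Sha256 -eq (Get-FileSha256 -Path $KnownGoodPath))
    }
    $out
}

function Get-TriageVerdict {
    # Turn the collected evidence into the decision an admin actually needs.
    param([Parameter(Mandatory = $true)]$Triage)
    if (-not $Triage.Exists) { return 'Copy already removed; re-run on a client whose restore point still has it' }
    if ($Triage.MatchesKnownGood -eq $true) { return 'Byte-identical to the known-good Sophos file: report as a false positive' }
    if ($Triage.SignatureStatus -eq 'Valid' -and $Triage.Signer -match 'Sophos') { return 'Validly signed by Sophos: report as a false positive' }
    return 'Unsigned, tampered or unexpected signer: do not assume a false positive; submit the sample'
}

# Usage (paths are placeholders; run elevated on a client that still has the copy):
# $t = Test-FlaggedRestorePointFile -FlaggedPath 'C:\System Volume Information\_restore{GUID}\RP310\A0418322.exe' `
#                                   -KnownGoodPath 'X:\path\to\known-good\sophos-file.exe'
# $t | Format-List
# Get-TriageVerdict -Triage $t
```

A `NotSigned` or `HashMismatch` status on a file that merely "looks like" a Sophos binary is the case to take seriously; a valid Sophos signature, or a hash match against the copy your clients actually update from, is what backs a false-positive report.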