How to bypass scanner for something it thinks is a "virus"

In this case, it's the daz loader. Sophos thinks it's a virus. I know it's not. I added it to the policy as excluded; however, on my machine, some other files give the option to "authorize" a file as OK.

All I get for this file is "move" or "delete", neither of which I want to do.

Putting it as an exclusion is probably good for future stuff, but it will be sitting in my quarantine till I do something with it, which I don't like. How to whitelist something that Sophos is convinced is a virus? Specifically http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~AutoRun-BSY.aspx

I know it's not, and while it may be of questionable legality, that is really none of Sophos's business.

  • You can only authorize items detected as Potentially Unwanted Applications under Application Control.  It isn't possible to whitelist (authorize) items detected as Troj, W32, Mal, and others.  When the item is detected as W32/... the options will be - as you have experienced - to either cleanup, move, or delete.

    I asked SophosLabs to check the detection for v2.2.1 (I provided them a sample) and they confirmed it is correct.  You should be aware that Sophos isn't alone in detecting the file as malicious.

    From what I can tell the program has no legal purpose as it's only intended to break Microsoft's WAT.  Sophos isn't in the business of allowing or disallowing pirated software, however we certainly do not encourage it.  In this case it's worked out that we prevent a dubious piece of software from running.

    If the program has a non-obvious legitimate reason to be allowed please post back.

  • Thank you for the information.

    I am aware that most virus scanners detect it as malicious.

    You have correctly identified the purpose of the program, I am not denying it. I use it for personal reasons on non-corporate assets (mostly fixing people's home computers), just so happens to be stored on our corporate network.

    Hopefully excluding it will work out to prevent error messages from reoccurring.

    It is disingenuous to call it a virus however. More likely it is a potentially unwanted application, but I understand you may have other legal reasons for filing it as such (cue conspiracy theories, M$ forcing your hand, etc).


  • givemecontrol wrote:

    It is disingenuous to call it a virus however. More likely it is a potentially unwanted application,


    Agreed.  That was the main point of my query to SophosLabs: "Is this a virus?".  It isn't really, but the labs' policy is to categorize such items as malware and that's not likely to change.

    I think if it was a semi-legit program I could pursue (with the labs) the idea of re-classifying it but because of what it is there isn't much point - corporate or home use it's still illegal.  Hence nothing I can do.  Soz.
