
Sophos Threat Def updates 7/13/2015 - Detection Engine 3.60.0 flagging Microsoft SCCM 2012

Please advise.  Multiple instances today since Sophos Endpoint Security & Control updated where SCCM 2012 installation and config files are being identified as malware and blocked/removed. 

Malware ID info: Mal/Medfos-K - C:\Windows\ccmcache\4x.BDRTEMP\Temp\work\ProPlus.WWVBIT2323.tmp

Enterprise Console 5.2.2
Windows 7 Enterprise SP1
SAV - 10.3.13.276
Detect Engine - 3.60.0
Detect Data - 5.16
Detect IDs - 286
HIPS rules v. - 10.3.143.1
HIPS config v 1.0.65.1
Sophos Auto Update - 4.1.0.273

This is causing multiple issues with our software deployment solution suite as it's blocking removal files and preventing updated installers from running on endpoints. 

Submitted a False Positive ticket with Sophos Support - Ticket #5298542. 
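When a detection lands on a file under the SCCM client cache like the one above, the facts a false-positive ticket needs are the path, size, SHA256 and Authenticode status of the flagged file, plus confirmation that it really sits under ccmcache. The following PowerShell function gathers those in one object; it is an added example written for this thread, not code from Sophos, Microsoft or the poster, and the default cache root, the output field names and the "request a copy from quarantine" note are assumptions.

```powershell
# Added example (not from the thread): collect the evidence a false-positive
# ticket needs for a file flagged under the SCCM client cache.
# Assumptions: the client cache lives at %SystemRoot%\ccmcache (the path in
# the original post); field names are this example's own choice.
function Get-SccmDetectionTriage {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$CacheRoot = "$env:SystemRoot\ccmcache"   # assumed default SCCM cache
    )

    # Is the flagged path inside the SCCM cache at all? Case-insensitive on Windows.
    $inCache = $Path.StartsWith($CacheRoot, [System.StringComparison]::OrdinalIgnoreCase)

    # The AV may already have removed or quarantined the file; record that instead of failing.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path       = $Path
            Exists     = $false
            InCcmCache = $inCache
            Note       = 'File not present (removed/quarantined); attach the quarantined copy to the ticket'
        }
    }

    $item = Get-Item -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Path       = $Path
        Exists     = $true
        InCcmCache = $inCache
        SizeBytes  = $item.Length
        Sha256     = $hash
        SigStatus  = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer     = $sig.SignerCertificate.Subject   # $null when unsigned
    }
}

# Usage: the path from the original post, formatted as a list for pasting into a ticket.
Get-SccmDetectionTriage -Path 'C:\Windows\ccmcache\4x.BDRTEMP\Temp\work\ProPlus.WWVBIT2323.tmp' |
    Format-List
```

Read the output with the cache context in mind: BITS staging files (the BIT*.tmp names) are partially downloaded payloads and are normally unsigned, so a SigStatus of NotSigned on its own is not evidence of malware, whereas HashMismatch on a file that carries a signature would be worth escalating rather than filing as a false positive. The SHA256 is what the vendor can match against the updated definitions once the ticket is resolved.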

  • We are having a similar situation with SCCM 2012 when pushing an Adobe Acrobat patch. Sophos detects one of our BITxxxx.tmp files as Troj/HkMain-CX and alerts all our test machines. We have reopened our ticket after the updated definitions marked a different file a second time. VirusTotal came back all clear except Sophos. Running definitions 5.17 now.

    Edit: Our second ticket with Sophos resulted in an updated definition. Testing environment did not flag any detection. Had to make sure the manager had gotten the correct definitions and that it was pushing out to the clients.
