Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1559 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Should Sophos detect DNSChanger

StephenP3
Does Sophos detect the much publicised DNSChanger malware? We discovered one of our servers to be infected this morning and our MSP is claiming it's not detectable by standard antivirus. As far as I'm concerned, the presence of this one piece of malware could be indicative of a more widespread problem Knowing whether Sophos detects DNSChanger, and if it does how long it has, would be a massive help. Thanks.
:26845


This thread was automatically locked due to age.
Parents
  • 0

    Thanks for the response. If you allow some further comments ...

    our antivirus solution is managed by our managed service provider [...] They claim that the malware is / was undetectable by our antivirus

    Sounds like they don't like Sophos :smileytongue: - or are at least indifferent. 

    Can't really guess what's included in managed. If I would find some (alleged) infection I'd take it to Sophos Support immediately and (perhaps with their help) assess the situation. If there's an active component I'd try to obtain a sample and send it in. Most of the time Often you don't know how you contracted this something. Thus if your AV is from vendor A and you used a tool from vendor B to remove this something you are still unprotected against this threat (unless someone else sends a sample to A or A happens to acquire it by other means - not all vendors exchange samples).

    Maybe I'm misunderstanding what you've said, but you've had something, your solution didn't catch it, we've taken care of it sounds a little bit, err, dogmatic. If they think another solution (perhaps the one they use) is better or preferable and they only reluctantly support "others" they should say so. As I said, I might be wrong - but I've seen/heard "we usually do A, B and C, or if you insist we can also do D (but actually we like A best)" more than once. Long term it doesn't really turn out all right for any party.

    Just my two cents

    Christian       

    :26875
Reply
  • 0

    Thanks for the response. If you allow some further comments ...

    our antivirus solution is managed by our managed service provider [...] They claim that the malware is / was undetectable by our antivirus

    Sounds like they don't like Sophos :smileytongue: - or are at least indifferent. 

    Can't really guess what's included in managed. If I would find some (alleged) infection I'd take it to Sophos Support immediately and (perhaps with their help) assess the situation. If there's an active component I'd try to obtain a sample and send it in. Most of the time Often you don't know how you contracted this something. Thus if your AV is from vendor A and you used a tool from vendor B to remove this something you are still unprotected against this threat (unless someone else sends a sample to A or A happens to acquire it by other means - not all vendors exchange samples).

    Maybe I'm misunderstanding what you've said, but you've had something, your solution didn't catch it, we've taken care of it sounds a little bit, err, dogmatic. If they think another solution (perhaps the one they use) is better or preferable and they only reluctantly support "others" they should say so. As I said, I might be wrong - but I've seen/heard "we usually do A, B and C, or if you insist we can also do D (but actually we like A best)" more than once. Long term it doesn't really turn out all right for any party.

    Just my two cents

    Christian       

    :26875
Children
No Data