Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 19 subscribers
  • Views 15390 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Uninfected md5.exe quarantined by Sophos

swhalen

Sophos Anit-Virus 7.6.17 installed here at work has quarantined my md5.exe utility as being part of something called Mal/EncPk-NS. 

I'm glad we got rid of Norton for Sophos, but if Sophos is so sloppy you brand every utility someone uses in their malware / virus kit as a program that needs to be quarantined, then something is wrong at Sophos.

I've verified that the md5.exe is itself not infected, but Sophos will not let me OK the file and let it out of quarantine.

If Sophos is going to blacklist every good program some idiot includes in a malware kit, then Sophos is going to become useless.

At least let me "authorize" it.

Help!

Steve

:1769


This thread was automatically locked due to age.
Parents
  • 0

    Hi Steve,

    Exactly as Christian mentioned you will need to send a sample of this file to the Labs here at Sophos. They will then be able to double-check the file is clean and release an IDE to fix the detection for it.

    The IDE will then be downloaded via the normal update mechanisms and resolve the detection issue on any/all of your machines.

    I recommend using the form:

    https://secure.sophos.com/support/samples

    You may find that the file gets blocked when trying to upload it, in which case you will need to disable your on-access scanner while you do so.

    Regards,

    Andy

    Sophos Technical Support

    P.S. Items detected as a PUA (Potentially Unwanted Application), SUS or HIPS are the only ones that can be authorised.

    :1786
Reply
  • 0

    Hi Steve,

    Exactly as Christian mentioned you will need to send a sample of this file to the Labs here at Sophos. They will then be able to double-check the file is clean and release an IDE to fix the detection for it.

    The IDE will then be downloaded via the normal update mechanisms and resolve the detection issue on any/all of your machines.

    I recommend using the form:

    https://secure.sophos.com/support/samples

    You may find that the file gets blocked when trying to upload it, in which case you will need to disable your on-access scanner while you do so.

    Regards,

    Andy

    Sophos Technical Support

    P.S. Items detected as a PUA (Potentially Unwanted Application), SUS or HIPS are the only ones that can be authorised.

    :1786
Children
No Data
Unfiltered HTML