
Uninfected md5.exe quarantined by Sophos

Sophos Anti-Virus 7.6.17 installed here at work has quarantined my md5.exe utility as being part of something called Mal/EncPk-NS.

I'm glad we got rid of Norton for Sophos, but if Sophos is so sloppy you brand every utility someone uses in their malware / virus kit as a program that needs to be quarantined, then something is wrong at Sophos.

I've verified that the md5.exe is itself not infected, but Sophos will not let me OK the file and let it out of quarantine.

If Sophos is going to blacklist every good program some idiot includes in a malware kit, then Sophos is going to become useless.

At least let me "authorize" it.

Help!

Steve



This thread was automatically locked due to age.
  • I've submitted the file to Sophos, but I think it had already been removed from your scans. 

    A VirusTotal.com report as of 4 March 2010 showed Sophos and Comodo and Rising as the only 3 of 42 Antivirus engines that thought this md5 utility is a virus.  I had VirusTotal rescan the file and now only Comodo (with an old virus database) has it on its list.  Everyone else (including Sophos) has it as benign.

    Now how do I get my file out of quarantine?

    I used the "right click scan" to have Sophos re-scan the md5.exe file, but it's still in the quarantine list (the scan comes back clean now). 

    There doesn't seem to be any way to authorize or otherwise get a file out of quarantine.  What are we supposed to do when Sophos makes a mistake like this and quarantines something but then realizes the file is OK?

    Why doesn't a re-scan of the file Sophos is complaining about "set it free" and remove the quarantine status?

    The one thing I have NOT done is to tell the Quarantine to "clean up" the file.  Usually "clean up" means delete / move to secure location where I'll never see it again. 

    If I hit "clean up" on its name in quarantine, will that remove it from the list without affecting the file itself (now that Sophos has figured out it's an OK file)?

    Thanks for the prompt replies and helpful information.  But I'm still stuck with a "good" file on the quarantine list.

    I'm still figuring out how to get along with Sophos.  I'm glad we switched from Symantec, and I'm not that concerned with this one file, but I want to know what to do if some part of a vertical market application has several files get quarantined on each of 50 machines. I want to know how I'll clean up the mess because it will happen sooner or later.

    Steve
