Uninfected md5.exe quarantined by Sophos

Sophos Anti-Virus 7.6.17 installed here at work has quarantined my md5.exe utility as being part of something called Mal/EncPk-NS.

I'm glad we got rid of Norton for Sophos, but if Sophos is so sloppy you brand every utility someone uses in their malware / virus kit as a program that needs to be quarantined, then something is wrong at Sophos.

I've verified that the md5.exe is itself not infected, but Sophos will not let me OK the file and let it out of quarantine.

If Sophos is going to blacklist every good program some idiot includes in a malware kit, then Sophos is going to become useless.

At least let me "authorize" it.

Help!

Steve

  • Hi Steve,

    You should note that the quarantine manager in Sophos is not a physical place; it is more a list of items that have been found. In SAV7 this list is not dynamic; in SAV9 it's much smarter. SAV9.5 (currently in beta - see our website for more details) can do remote lookups to Sophos to double-check file status and, as per your example, automatically remove detection in the event of a false-pos.

    The "clear from list" option is in the quarantine manager, below the items detected, next to the select all/deselect all buttons. In your EM Console you can clear the items by acknowledging them; again, in SAV9 this is considerably easier due to the better synchronisation between the two.

    Files that are submitted to the labs are often added to our huge database of files for future false-pos testing.

    Regards,

    Andy

    P.S.

    It is free to upgrade to EM Console 4 and SAV9 if you have an active licence.
