Greetings,
I'm hoping to get a message to the devs that when you guys work on website enhancements to please consider changes to the sample submission process. It's very cumbersome right now.
I catch a number of malicious pieces of code per week that Sophos does not. My typical usage scenario/workflow would be something like this, although I can't go into great detail:
- Phishing email arrives with malicious attachment, passing through an email gateway that uses the Sophos engine for SMTP protection. Obviously malware that's already detected by you guys is filtered at this point, so I'm only dealing with stuff that failed to be detected at the time.
- Malware is heuristically detected using a 3rd party tool after the email has been delivered (or detected by some other means). I'm not able to go into great detail about the tools we use, but they're quite accurate.
- I'll take the malware sample to VirusTotal or analyze it in a sandbox tool. Often there is corroborating evidence from other anti-malware products that the sample is indeed malicious.
So then I bring the sample back to you guys and submit via the online form. Here's where it gets slow.
All I really want to do is upload the sample with a quick note about why I believe you guys should inspect the sample. I understand that you don't want to be flooded with benign samples, but if I'm sending it in, I have some expectation that it's not safe already.
However, I'm forced to input my contact info and licensing info every time. I wouldn't mind doing this once and then remaining signed in, but that's not possible. Every day I have to re-enter the contact info. If I have multiple samples to submit, I have to re-submit my full contact info each time, even though you JUST COLLECTED THIS INFORMATION right before I hit the "submit another sample" button. Collecting the info once per session seems to be the highest frequency necessary.
Additionally, it doesn't really make sense for me to select the operating system of the endpoint, and the fact that it's in a drop-down box that then requires a 2nd drop-down selection that appears after the first is filled out is very cumbersome. I'm catching 99% of these at the perimeter/mail server, so it doesn't really matter what the endpoint's OS is. I may not even know, to be completely honest. I just fill in something to fill something in, and the 2nd drop-down box makes it more obnoxious. If there were a way to easily omit the endpoint OS when it doesn't pertain to me, that would be great.
Thanks for taking the time to read this complaint/comment, and if this gets to the Powers that Be for discussion, I'd greatly appreciate it.