Sophos 9.4 keeps detecting PsExec but nothing shows up in quarantine manager.

Here's what shows up in the log ...

com.sophos.intercheck: 2015-09-25 08:57:38 -0500 PUA: 'PsExec' (Hacking tool) detected in
com.sophos.intercheck: Access to the file denied
com.sophos.intercheck:

When I pull up the quarantine manager it briefly shows that PsExec was detected, but quickly says nothing is in the quarantine.

Any suggestions?

Thanks!



This thread was automatically locked due to age.
  • Hey fallingrock,

    Sorry about the slow reply on this. What's happening here is that psexec is being detected as a PUA (potentially unwanted app). 

    If you want to allow this on your mac, you'll need to authorize it. I've included instructions below for that. 

    I just tested it, and it worked for me. 

    1. Download psexec. Psexec will get flagged by SAV. Click "Open quarantine manager."

    2. In QM you should see the following:

    3. Highlight the file and click on Authorize at the bottom right.

    4. Repeat this step for any additional files that are detected. I had to authorize 3 files total to allow PSExec.

    5. Now open preferences > authorization; you will see two applications, and Psexec should no longer be flagged by SAV.


    Hopefully that answers your question, but let me know if you need anything else!
