This discussion has been locked.

Home Premium - known malware not detected upon download / save file

Hello,

I occasionally receive those DHL delivery emails that can look just like the real thing, laden with malware attachments. From time to time I get real DHL deliveries so I may inspect these DHL emails carefully to see if they are genuine rather than just trashing them immediately.

I check carefully. Within the Outlook 365 client I click on "save attachments" and download into my "suspected malware" folder for further checking. Typically, Windows Defender or Norton would scan the download immediately. If it says it's clean, I would still upload the files manually to VirusTotal to check further.

Today, with Sophos Home Premium now installed, in one of these emails, when I saved the attachments to check them, the downloaded files were not recognised as malware. I checked with VirusTotal, which confirmed that Sophos and 25 others know that they are malware. I then did a manual scan of these files with SHP (Sophos Home Premium), which at that point also detected the malware and removed it!

Why does SHP not detect this malware immediately when saving to the disk? I have default settings on, including real time scanning. I'd prefer SHP to be pro-active and not just rely on it taking remedial action if the malware is activated.

Another concern is that malware of this nature could potentially be forwarded to another person who has a different or weaker AV solution, and I'd feel bad about forwarding it to them not knowing it's malware, if their data were to get wiped out by ransomware as a consequence of my innocent action.

Is this lack of download detection an intended feature or a bug, or is it limited to certain file types? The types were a PDF, probably with a macro trojan downloader, and another was a compressed .ace file.

At this point I'm in two minds as to whether to revert to Norton or not. I especially like the SHP safe browsing and keystroke encryption from the HitmanPro.alert integrated functionality, but I feel potentially exposed with the above issue, especially if PDFs or archive files are not automatically scanned on download - one day I may be tired and forget to check them manually, for instance.

Thanks for clarifying.


