PUA detected: 'SpiGot'

Hello Amit Thakur,

with 100 to 150 machines you're likely not referring to a Free Tool, aren't you?

Anyway, you can see from the analysis that the detection has been updated on September 29th, it could be gung-ho or it could be right. The path suggests it's loaded as extension in Chrome. As it's classified as Potentially Unwanted Application it's up to you to decide whether it's actually unwanted or not.

Christian

No i'm not referring to a Free Tool here

But also simply we can't ignore the alert as it is coming under Adware category. After the scheduled scan we can still see the PUA alert.

Let us know apart from clearing it what else we can do to find it out how it came so sudden in more than 100+ machines or if any suggestions to proceed with regarding this PUA

Thanks

No i'm not referring to a Free Tool here

But also simply we can't ignore the alert as it is coming under Adware category. After the scheduled scan we can still see the PUA alert.

Let us know apart from clearing it what else we can do to find it out how it came so sudden in more than 100+ machines or if any suggestions to proceed with regarding this PUA

Thanks

Hello Amit Thakur,

[disclaimer: I'm not Sophos]
how it came so sudden
as said, the detection has been amended over the weekend and might now be more "sensitive" and trigger on items that were already on the machines for some time but not considered as belonging to SpiGot. Or some extension (the one with 2.2_0) evolved (i.e. perhaps updated itself), is now resembling SpiGot and the updated detection is in response to this change.

Christian 

I started getting these alerts over the weekend as well.  So far, I have determined at least some of them to be caused by a "Email Login Now" extension in Chrome.

https://chrome.google.com/webstore/detail/login-email-now/peegdljcadadeiekblkbdgipoemgkkmi

The extension is not needed so we have opted to let Sophos remove.