Free Tools

Discussions PUA detected: 'SpiGot'

Free Tools requires membership for participation - click to join

Thread Info

State Suggested Answer
+1 person also asked this people also asked this
Locked Locked
Replies 21 replies
Answers 1 answer
Subscribers 14 subscribers
Views 60327 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PUA detected: 'SpiGot'

Berzerk over 5 years ago

Hi

We have received multiple PUA's on 100 to 150 machines. The detected files are basically java script examples : after.js and background.js

please find the example : PUA detected: 'SpiGot' at 'C:\Users\k113899\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbpcfgdgiemlcaggjhjcinhblflmgdlj\2.2_0\after.js'

These detection's came in off business hours and today we might see more users with the same alert.

So my question is did this alert triggered from Sophos end ?

This thread was automatically locked due to age.

Parents

0 Gowtham Mani over 5 years ago

Hi Amit Thakur,

Could you help me with the Sophos product that you are using?

As already mentioned, there was a new definition update pushed on 29th Sep for a similar/same file (You can verify the file from the VirusTotal link). This new definition classifies the file as PUA, which could have resulted in multiple detections over the endpoints. Sophos Clean should have been able to clear it

Regards,

Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Berzerk over 5 years ago in reply to Gowtham Mani

Hi ,

We are using

Endpoint Advanced Protection

Intercept X

when checked manually the file was not their on users machine. Could you provide more detailed info on the new definition released and for which product ?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Berzerk over 5 years ago in reply to Gowtham Mani

Hi ,

We are using

Endpoint Advanced Protection

Intercept X

when checked manually the file was not their on users machine. Could you provide more detailed info on the new definition released and for which product ?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 QC over 5 years ago in reply to Berzerk

Hello Amit Thakur,

[I'm not Sophos]
more detailed info
what kind of details would you need? As it is a PUA detection it has been made by the Endpoint component. PUA detections aim to identify a certain application by specific distinct characteristics, details would be too technical to be of use. The same definitions are used for all products.

not there on users machine
what happened after the detection depends on the type of scan. PUAs can be removed with scheduled scans, On-Access scanning only blocks them. The machine's Anti-Virus log (SAV.txt) should tell what action has been performed.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Gowtham Mani over 5 years ago in reply to Berzerk

Hi Amit Thakur,

I would suggest you to open a case with our support for further details on the definition that was updated and to confirm if the new definitions caused these detections.

Regards,

Gowtham Mani
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel