I ran a simulation from Barkly, which is their Stackhackr test tool. I used the payload where it simulates stealing personal info like credentials from active LSASS processes. Sophos Home missed the file and the behaviour components missed the simulated active process. This may need some further investigation since this looks like a serious vulnerability.
Here is the exact test file: *Malicious content Removed*