Sophos Home Misses a Simulation

Question

I ran a simulation from Barkley which is their Stackhackr test tool. I used the payload where it simulates stealing personal info like credentials from active LSASS processes. Sophos Home missed the file and the behaviour components missed the simulated active process. this may need some further investigation since this looks like a serious vulnerability. 
 
 Here is the exact test file: *Malicious content Removed*

Vikas · Accepted Answer

Hi Enrick, 
 Thank you for sharing this information. We encourage people to test our products and give feedback. 
 I have checked this utility and would have to say that it's not a fair test to be honest. If the test is indeed passing, I would expect the developer to give some sort of proof that they were able to extract some/all the information in the LSASS memory space, but in this case there's only a test e-mail page. 
 I have thoroughly tested our Credential Theft Protection module around a case wherein I fired a series of attacks on LSASS remotely using Kali Linux and they all failed to give me something useful. 
 We even recently published a KBA - Sophos Intercept X: How to deal with CredGuard Detection 
 I'm more than happy to check any other test that our product may be failing at! Feel free to PM me anytime. 
 Thanks, 
 Vikas

Gowtham Mani · Answer

Hi Enrick Ordono, 
 ** I have edited your post to remove the downloadable link for the malware sample file. 
 I checked the sample that you provided and I can assure you that it will be detected by Sophos Home as " Troj/MSIL-KAD ". You can find the details in VirusTotal link result for the sample that you provided. 
 Note: If you believe you have any malware samples that is not being detected, you can submit it to Sophos Labs or open a home ticket from your Sophos Home Dashboard .