
Sophos Home Misses a Simulation

I ran a simulation from Barkly, which is their Stackhackr test tool. I used the payload where it simulates stealing personal info like credentials from active LSASS processes. Sophos Home missed the file and the behaviour components missed the simulated active process. This may need some further investigation since this looks like a serious vulnerability.


Here is the exact test file: *Malicious content Removed*
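For readers who want to see what a behaviour-based component would actually look for in the credential-theft scenario described in this post, here is a small detection example. It is added here and is not code from the original post, from Sophos, or from Barkly's tool. It assumes a simplified, pipe-delimited rendering of Sysmon Event ID 10 (ProcessAccess) records; the sample events and the allow-list of system processes are constructed for illustration and would need tuning to a real environment.

```python
"""Flag processes that open lsass.exe with memory-read access (added example).

Sysmon Event ID 10 records which process opened a handle to which target
process and with what access mask. Credential-dumping behaviour typically
requests PROCESS_VM_READ (0x0010) on lsass.exe, usually combined with
PROCESS_QUERY_INFORMATION (0x0400) or PROCESS_QUERY_LIMITED_INFORMATION (0x1000).
The event line format below is a simplified, assumed rendering of the real event.
"""
import re
from dataclasses import dataclass

PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Hypothetical allow-list of system processes that legitimately hold lsass.exe
# handles on a typical host. Tune to the environment; compared case-insensitively.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}


@dataclass
class ProcessAccess:
    source_image: str
    target_image: str
    granted_access: int


# Assumed simplified event layout: fields separated by '|'.
_EVENT_RE = re.compile(
    r"SourceImage: (?P<src>.+?)\|TargetImage: (?P<tgt>.+?)\|GrantedAccess: (?P<mask>0x[0-9A-Fa-f]+)"
)


def parse_event(line: str):
    """Return a ProcessAccess for an Event ID 10 line, or None if it does not match."""
    m = _EVENT_RE.search(line)
    if not m:
        return None
    return ProcessAccess(m["src"], m["tgt"], int(m["mask"], 16))


def is_suspicious(ev: ProcessAccess) -> bool:
    """True when a non-allow-listed process reads lsass.exe memory."""
    if not ev.target_image.lower().endswith(r"\lsass.exe"):
        return False
    if ev.source_image.lower() in ALLOWLIST:
        return False
    # Reading LSASS memory is the behaviour that matters; query-only handles are common and benign.
    return bool(ev.granted_access & PROCESS_VM_READ)


def scan(lines):
    """Return the source image of every suspicious LSASS access in the given event lines."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if ev is not None and is_suspicious(ev):
            hits.append(ev.source_image)
    return hits


# Constructed sample events (not real telemetry). Only the second line should fire:
# an unknown binary in a user's Downloads folder opening lsass.exe with VM_READ set.
SAMPLE_EVENTS = [
    "EventID: 10|SourceImage: C:\\Windows\\System32\\svchost.exe|TargetImage: C:\\Windows\\System32\\lsass.exe|GrantedAccess: 0x1000",
    "EventID: 10|SourceImage: C:\\Users\\test\\Downloads\\sim.exe|TargetImage: C:\\Windows\\System32\\lsass.exe|GrantedAccess: 0x1010",
    "EventID: 10|SourceImage: C:\\Windows\\System32\\csrss.exe|TargetImage: C:\\Windows\\System32\\lsass.exe|GrantedAccess: 0x1FFFFF",
    "EventID: 10|SourceImage: C:\\Users\\test\\Downloads\\sim.exe|TargetImage: C:\\Windows\\System32\\notepad.exe|GrantedAccess: 0x1410",
]

if __name__ == "__main__":
    for src in scan(SAMPLE_EVENTS):
        print(f"suspicious LSASS memory read by {src}")
```

The check keys on the access mask rather than on the file itself, which is the distinction the post is drawing: a file-based scanner judges the binary, while a behaviour component has to judge the handle it opens. An allow-list by path alone is weak (a renamed binary could match it), so in production you would also check the signer or the process's parent.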

This thread was automatically locked due to age.
  • Hey, I agree with the reason why you removed the link. I would just like to clarify that the file is not in any way malicious. It is only a harmless file that SIMULATES malicious attacks such as file-less ransomware or credential theft through LSASS processes. I have tested Sophos with the file-less ransomware vector, which Sophos correctly detects and blocks. Sophos did fail the credential theft scenario, and this is why I posted about it in the first place. Hope this clarifies things.

    How It Works:

  • Hi Enrick Ordono,

    I understand that the intention of the application is not to actually perform the malicious attack and instead just simulate it. But it's hard for the anti-virus to differentiate it, and hence it will be treated as malicious until we raise a false positive for the detection.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support
