Sophos is detecting Parallels file prl_vm_app as ransomware

Dear all,
For months I have had the problem that Sophos running under Apple IOS classifies prl_vm_app as ransomware. This means that shared folders are disconnected. After reboot, the machine sometimes works again but is very slow. For example, it often takes seconds to take keyboard inputs.

The file resulting in a detection is prl_vm_app with the path:
/Applications/Parallels\ Desktop.app/Contents/MacOS/Parallels\ VM.app/Contents/MacOS/prl_vm_app

#> ls -l prl_vm_app
-rwxr-xr-x 1 root wheel 16885312 26 Jul 12:58 prl_vm_app*
and sum is 52440

I'm running Linux Fedora 30 as guest with kernel 5.2.5 and macOS 10.15.

The problem first started after I applied a kernel patch
https://forum.parallels.com/threads...d-folders-mount-with-exec.352815/#post-885756
and I thought this might be the reason for the detection. However, I returned to my old 5.2.5 kernel, but the problem is still there.

I could not accept the error in the virus scanner since this is a machine from a research institute where I do not have permission to ignore the detection. As a result, my processing Linux machine is virtually not usable any more. It would be interesting to know how to find out if this is a false detection or not.

I'm aware that other Parallels programs were already detected wrongly by Sophos, but could not find anything about prl_vm_app. Any suggestions and help are appreciated since this behavior virtually switches off all my virtual boxes.

Regards
DL
 

