
Ransomware detection failed? (Intercept X Endpoint)

PROBLEM SOLVED: see my Post below

I wanted to test ransomware detection inside a VM (network disconnected).

I tried the Thanos ransomware: the malware was detected while unpacking a zip containing the malware -> ok fine
Then I disabled real-time file scanning (within the endpoint client). However, ransomware detection and all other features were still active. In this configuration I was able to unpack and run the malware. The malware ran for several minutes and then all files were encrypted. There was no alert or other response from Sophos Endpoint Protection.
Why didn't Sophos detect this (old) ransomware? Do features like ransomware detection rely on real-time scanning, or does ransomware detection require the internet?


Has anyone tried to explicitly test the ransomware?

best regards,
Bernd

(I downloaded the malware from "theZoo")



Hello Bernard,

Thank you for sharing the said information. To further check the situation, can you raise a support case through our support portal and share the below details in the case:

* Exact steps you performed to run the malware.
* Sample file of the malware you've used. (In this case, you can zip the sample file and attach it through the case.)

Once created, kindly share with us the case ID so we can monitor the status of the case.

Glenn Archie Señas (GlennSen)
Global Community Support Engineer

The New Home of Sophos Support Videos! Visit Sophos Techvids