Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ransomware detection failed ? (Intercept X Enpoint)

PROBLEM SOLVED: see my Post below

I wanted to test ransomware detection inside a VM (network disconnected).

I tried the Thanos ransomware: the malware was detected while unpacking a zip containing the malware -> ok fine
Then I disabled real-time file scanning (within the endpoint client). However, ransomware detection and all other features were still active. In this configuration I was able to unpack and run the malware. The malware ran for several minutes and then all files were encrypted. There was no alert or other response from Sophos Endpoint Protection.
Why didn't Sophos detect this (old) ransomware? Do features like ransomware detection rely on real-time scanning, or does ransomware detection require the internet?

Has anyone tried to explicitly test the ransomware?

best regards,

(I downloaded the malware form "theZoo")

This thread was automatically locked due to age.
Parents Reply

    In my test-VM I hade only two regulars files within Desktops/Deocuments/Pictures/... I tested again while having few more files in those directories, in this scenario Sopohs detected the ransomware (even when real-time scannig was deactived) and the original files where restored (very quickly and automatically).
    I made the test again without network connection and it worked nevertheless.

No Data