Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 6 subscribers
  • Views 34419 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Detected Thread disappears

bawe

OS X Yosemite 10.10.2

Detected Thread Mal/RtfExe-A: Indicated by Sophos each 10 minutes on desktop, after clicking on "Quarantine Manager" it appears listed in. But by clicking for further measures the indication of the thread always disappears.

What's wrong here?

:1020162


This thread was automatically locked due to age.
  • 0

    I am getting the same thing with:

    Troj/DocDl-EQ

    It says threat detected, I open up Quarentine mgr, and it vanishes.

    :1020167
  • 0

    It's says Trojan, you authenticate to reveal in finder and vanishes, any ideas?

    :1020209
  • 0

     I didn't set on "Delete"; threads appear normally in the QM. 

    :1020218
  • 0

    The quarantine manager reguarlly re-scans files to see if they are still identified as a threat. The original purpose of this implementation was to ensure we give you the most accurate and up-to-date report possible. This could explain files disappearing, if the re-scan is now deciding that the file is clean. Can you tell me a bit more about the file in question that is causing this behavior? I'm interested to know what type of file is it, what detection was triggered originally, and what is the last modification date of the file. You can send this information to me directly if you'd prefer to not post it publicly.

    :1020245

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0

    Thanks Bob,

    This one file it kept doing it finally did disapper so now I don't have / remembert the name. Next this happens I come back with a file name for you.

    :1020249
  • 0

    Thanks Bob for your explanation! Unfortunately I dont know the original file because I can't identify it. It disappeared before ....

    :1020257
  • 0
    bawe wrote:

    Thanks Bob for your explanation! Unfortunately I dont know the original file because I can't identify it. It disappeared before ....

    You might find something in the scan log. If this is coming from the on-access scanner then check /Library/Logs/Sophos Anti-Virus.log. Hope that helps.

    :1020259

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

  • 0

    OK just happened, the file was TROJ-DOC-DI-Q

    May have one digit off but that the one that keep coming back,  open Quarantine and then vanishes.

    :1020272
  • 0

    I can't help but I have the same problem. A warning box pops up every 30 minutes or so telling me a virus has been found. If I open up Quaranteen Manager the vius is listed briefly and then it disappears. I have no idea how to fix this but it is getting tiresome now and very irritatating. I have no idea what to do or if I have a serious problem or not.  When I last looked I had Troj/DocDI-DS

    Hoping that the community can help.

    :1020276
  • 0
    kevs40 wrote:

    OK just happened, the file was TROJ-DOC-DI-Q

    May have one digit off but that the one that keep coming back,  open Quarantine and then vanishes.

    As you can imagine, its not obvious what is happening. An advanced diagnostics technique is to use "opensnoop" on the command line (Terminal) to observe what files are being opened by which applications (including our scanner).

    sudo opensnoop -ve

    Obviously I always recommend taking care whenever you run a command with sudo.

    A good tutorial about dtrace scripts can be found here: http://dtrace.org/blogs/brendan/2011/10/10/top-10-dtrace-scripts-for-mac-os-x/

    :1020324

    ---

    Bob Cook (bob.cook@sophos.com) Director, Software Development

Unfiltered HTML