
Detected Threat disappears

OS X Yosemite 10.10.2

Detected threat Mal/RtfExe-A: Sophos indicates it every 10 minutes on the desktop, and after clicking on "Quarantine Manager" it appears in the list. But when clicking for further measures, the indication of the threat always disappears.

What's wrong here?



This thread was automatically locked due to age.
  • Thank you for your reply.

    Yes, TimeMachine is in use and yes, the hourly mount/dismount of the TimeMachine volume and even the temporary TimeMachine volume that is kept locally can and will have the malware. Perhaps that is what is causing the issue. I had wondered if it was only TimeMachine and had pretty much concluded that while it does contain an additional copy of the malware-triggering file, I was not sure it was the only cause.

    I turned off TimeMachine for the last test and the malware was found on the local (staged or temporary) TimeMachine repo. I have not yet attempted to delete this repo or turn off TimeMachine local activity.

    From a design perspective, it is very disconcerting to experience malware that "hides itself" as soon as you try to remove or expose it with the Sophos Mac Anti-Virus product. It fosters mistrust of the software, and I believe it should be fixed. The fix is to store the location of the malware at the point it is discovered (the full path) and not to have it "disappear" when a person clicks on the reference to see what it is all about. Second best would be to log the full discovery of the malware with the full information at the time it is found in a way that is clear to at least an experienced user.
