During an active malware incident, our tools of choice remain Live Discover (for information gathering) and Live Response (for taking action). You can refer to our Community Page for a wealth of useful queries that can be modified according to your needs.
A few select queries that incident responders generally use are the following:
We also have the following collection of Sophos-created tools and documentation:
In addition to the above, we have curated a short list of essential tools that often assist us in hunting for threats on a machine suspected of being compromised.