Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
Intercept X has removed a file. I whant to send it to Sophos Labs for analyzing. Where can I find it ? I do not whant to release it to get hold of it ;-)
When an item is detected, a Sophos internal utility called Sophos Clean is used to cleanup the item. Customers using Sophos Central have the ability to restore files after they have been cleaned up…
Are you wanted it analyzed because you think it is a false positive detection?
The reason I ask, is you shouldn't restore a file unless you are confident it isn't malicious. When you restore it, it is basically whitelisted for your environment.
Snr. New Product Introduction Engineer | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
No, that's why I asked. I don't want to restore it to the default location. I was just thinking if there is maybe a quarantine folder where all those files are kept. The file that we are talking about is a inf file and I am wondering what is in that file. I need to examine it because the fle name indicates it is indeed malicious. The name is "fuckgothin.inf". Google search led me to believe it is pulling stuff from an IP address.
Quarantined items are moved from SophosClean to the SafeStore which houses the unwanted/suspect data in an encrypted format. Files only can be restored/decrypted to their default location.
There are two SafeStore quarantine folders:
If you have Intercept X with EDR, you can do analysis also directly via Central. Maybe you just start a trial version if possible.
IntrususSophos Certified Engineer | Sophos Certified Technician
private lab: XG firewall with SFOS 18.0.3 MR-3Intercept X Advanced (for Server) with EDR EAP latest If a post solves your question use the 'Verify Answer' link