This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intercept X - Multiple Threat Cases for Singular Detection

Does anyone else get 10+ threat cases created for a single detection? For example, Sophos picked up some phishing from Outlook and generated 10+ threat cases:

I don't think the user would try 10 times to open this email attachment. Anyone have any ideas why we'd see so many entries? Give or take it's a new one every ten minutes.

This thread was automatically locked due to age.

0 Shweta over 2 years ago

Hi alars15

I would suggest you run a full system scan and then try to find the source of infection if it helps. Please run this tool on the machine you are seeing the issue with.

Shweta

Community Support Engineer | Sophos Technical Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 alars15 over 2 years ago in reply to Shweta

I can see the source of the infection in the threat case. In this case it's an email attachment from a phishing email. My question is why do I get 15 threat cases generated for one detection?
Cancel
Vote Up 0 Vote Down

Cancel
0 RichardP over 2 years ago in reply to alars15

the first thing I would check is the hash of each file. Some phishing campaigns create a new file for each targeted user (unique file = unique hash) which would like like a new detection to the scanner and could cause multiple similar Threat Cases.

RichardP

Program Manager, Support Readiness | CISSP | Sophos Technical Support
Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel