Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 12 subscribers
  • Views 3988 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cryptoguard detect Ransomware in Explorer.exe

pfeffex

Hi everyone, can some explain what happened here? Is this a false\positive message?





This thread was automatically locked due to age.
  • 0

    Hello pfeffex,

    Thank you for reaching out to the Sophos Community. 

    At first glance, this detection does appear to be a false positive. To elaborate, the "WBH" indication in the detection info here stands for "Write Based Header". This means that the file headers were re-written in a way where the resulting file no longer matches the originating file, this is likely why the detection came up.

    Do you know if the method used to copy the file is encrypting or modifying the data before transmitting it? 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Unfiltered HTML