
Sophos Intercept X identified fsquirt.exe as ransomware and then all traces of the alert are gone?

We received a high alert on one of our workstations. The user was transferring files from their phone via Bluetooth. 

CryptoGuard detected ransomware in C:\Windows\System32\fsquirt.exe

 

We ran a scan and it came up clean. There's nothing in the events or detections history related to this alert. I'm confused. False positive? We cut the machine off as soon as the alert popped up. I ran scans with some other tools. Everything came out clean and fsquirt.exe is the original file.


