
A lot of WMV files deleted since last week for unknown reason

Hello,

Since last week, for an unknown reason, our Sophos Endpoint has been deleting all WMV files on our computers.

This is the event:
Malware detected: 'W32/GetCodec-A' at 'XXX\Intro discours.wmv'

Any idea why it's happening now? I already created a ticket with Sophos, but it's taking a long time; they asked me for some files to investigate, but it seems to be all WMV files.

Thank you.



  • Hi, 

    Thanks for reaching out to us. 

    As an immediate workaround, if you believe the files are clean/safe, it’s possible to create a file pattern exclusion so that the .wmv files aren’t cleaned up. I recommend adding the exclusion with the file location included so that you’re not white-listing .wmv files located anywhere. 

    e.g.: C:\Users\<User>\Downloads\*.wmv

    I recommend sending in one of the detected files using the following link so our team can make adjustments if needed. 
    - Sample Submission

    It’s possible to restore a file by navigating through Sophos Central to the device page in question to select the "Details" button on the detection event. If you don’t wish to restore the file, I recommend working with our support team to obtain the file from the Safestore. This is located at the following path. 

    - C:\ProgramData\Sophos\Safestore\

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello, yesterday a lot of MP3 files were deleted and the computer was marked with an Outbreak event! It's never happened before.

    I already sent a WMV file detected as a virus yesterday to sample submission. Do I now have to send a normal MP3 file for investigation? Do I have to create a file pattern exclusion for normal WMV and MP3 files? I don't understand why all the files are being deleted today. Why now? Why do I have to create an exclusion?

    For MP3 the message is 'Mal/ASFDldr-A'.

  • If you are seeing unique detections for some of the files, I recommend sending these in as well for further analysis. As the detections have come up just recently, I suspect an update occurred to the detection engine which caused the files to get picked up. 

    The specific detection "Mal/ASFDldr-A" corresponds to the following behaviour.
    The malicious files use Microsoft Media Player's scripting capability to open a web browser to an infected site instead of playing the video

    In this situation, I do not recommend creating exclusions; you will need to send in a copy of the files stored in the "Safestore" directory. 

    Kushal Lakhan
    Team Lead, Global Community Support
  • Hello, OK, I sent the sample file for further analysis :)

  • Based on the results our Sophos Labs team has shared, the files in question include a link containing a malicious URL. If the malicious URL were contacted previously, this would be detected right away. 

    It sounds like these files remained dormant on your device for quite some time, but are now being detected following the updates to Sophos' detection engine.
    To add some additional information, the new detection engine is almost entirely ML-based, as opposed to being signature-based. 

    I recommend removing the detected files and running a full system scan to be sure that your system remains safe. 

    Kushal Lakhan
    Team Lead, Global Community Support
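The two detection names in this thread both describe the same container trick: the WMV/MP3 files are ASF containers whose header carries a Script Command Object, and Windows Media Player hands a command of type URLANDEXIT (or URL) to a browser instead of just playing the media. Before deciding between an exclusion and deletion, an administrator can check for exactly that object in a copy of the file. The script below is an added example written for this page, not Sophos tooling and not code from anyone in the thread; the object GUIDs and field layout come from the ASF specification, but treating the URLANDEXIT and URL command types as suspicious is this example's own triage rule, and the sample files it builds in `build_sample_asf()` are constructed inline (with a placeholder hostname) so it runs offline.

```python
import struct
import sys
import uuid

# Object GUIDs from the ASF specification. uuid.bytes_le reproduces the on-disk
# byte order (first three GUID fields little-endian), so these compare directly.
ASF_HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND_OBJECT = uuid.UUID("7BF875CE-468D-11D1-8D82-006097C9A2B2").bytes_le
ASF_SCRIPT_COMMAND_RESERVED = uuid.UUID("4B1ACBE3-100B-11D0-A39B-00A0C90348F6").bytes_le

# Script command types that make Windows Media Player pass the command string to a browser.
# Flagging them is this example's own triage rule (an assumption), not Sophos's detection logic.
BROWSER_COMMAND_TYPES = {"URLANDEXIT", "URL"}


def iter_header_objects(data: bytes):
    """Yield (guid, payload) for every sub-object of the top-level ASF Header Object."""
    if len(data) < 30 or data[:16] != ASF_HEADER_OBJECT:
        raise ValueError("not an ASF container (ASF Header Object GUID missing)")
    header_size, = struct.unpack_from("<Q", data, 16)
    count, = struct.unpack_from("<I", data, 24)
    pos, end = 30, min(header_size, len(data))   # 30 = GUID + size + count + 2 reserved bytes
    for _ in range(count):
        if pos + 24 > end:
            break                                  # header truncated: stop rather than guess
        guid = data[pos:pos + 16]
        size, = struct.unpack_from("<Q", data, pos + 16)
        if size < 24 or pos + size > end:
            raise ValueError("malformed ASF header object size")
        yield guid, data[pos + 24:pos + size]
        pos += size


def parse_script_commands(payload: bytes):
    """Decode a Script Command Object into (presentation_ms, type_name, command) tuples."""
    if payload[:16] != ASF_SCRIPT_COMMAND_RESERVED:
        raise ValueError("unexpected reserved GUID in Script Command Object")
    cmd_count, type_count = struct.unpack_from("<HH", payload, 16)
    pos, types = 20, []
    for _ in range(type_count):                    # type table: WORD length + UTF-16LE name
        n, = struct.unpack_from("<H", payload, pos)
        types.append(payload[pos + 2:pos + 2 + 2 * n].decode("utf-16-le"))
        pos += 2 + 2 * n
    commands = []
    for _ in range(cmd_count):                     # DWORD time, WORD type index, WORD length
        t_ms, type_idx, n = struct.unpack_from("<IHH", payload, pos)
        name = payload[pos + 8:pos + 8 + 2 * n].decode("utf-16-le")
        pos += 8 + 2 * n
        commands.append((t_ms, types[type_idx] if type_idx < len(types) else "?", name))
    return commands


def find_browser_commands(data: bytes):
    """Return the script commands that would launch a browser; an empty list means none."""
    hits = []
    for guid, payload in iter_header_objects(data):
        if guid == ASF_SCRIPT_COMMAND_OBJECT:
            for t_ms, type_name, cmd in parse_script_commands(payload):
                if type_name.upper() in BROWSER_COMMAND_TYPES:
                    hits.append((t_ms, type_name, cmd))
    return hits


def scan_file(path: str):
    """Read only the ASF header of a file on disk and run find_browser_commands() on it."""
    with open(path, "rb") as f:
        head = f.read(30)
        if len(head) < 30 or head[:16] != ASF_HEADER_OBJECT:
            return None                            # not an ASF/WMV/WMA file at all
        header_size, = struct.unpack_from("<Q", head, 16)
        return find_browser_commands(head + f.read(max(0, min(header_size, 64 << 20) - 30)))


# --- constructed sample input so the example runs offline (not real files from the thread) ---

def _utf16_field(s: str) -> bytes:
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_sample_asf(commands):
    """Build a minimal ASF header holding one Script Command Object from (type, name) pairs."""
    types = sorted({t for t, _ in commands})
    body = ASF_SCRIPT_COMMAND_RESERVED + struct.pack("<HH", len(commands), len(types))
    body += b"".join(_utf16_field(t) for t in types)
    for t, name in commands:
        body += struct.pack("<IH", 0, types.index(t)) + _utf16_field(name)
    obj = ASF_SCRIPT_COMMAND_OBJECT + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER_OBJECT + struct.pack("<Q", 30 + len(obj)) + struct.pack("<IBB", 1, 1, 2) + obj


SAMPLE_CLEAN = build_sample_asf([("CAPTION", "Intro discours")])
SAMPLE_SUSPICIOUS = build_sample_asf([
    ("CAPTION", "Intro discours"),
    ("URLANDEXIT", "http://fake-codec.example/codec_update.exe"),  # placeholder host, not a real site
])


if __name__ == "__main__":
    for path in sys.argv[1:]:
        hits = scan_file(path)
        print(path, "not ASF" if hits is None else ("CLEAN" if not hits else f"SUSPICIOUS {hits}"))
```

Run it against a copy of a quarantined file (for example `python asf_script_triage.py "Intro discours.wmv"`, with the script name being an assumed filename). A URLANDEXIT hit pointing at an executable download is the pattern the support reply describes, and such a file should stay deleted and not be excluded. An empty result is not proof the file is clean, since a detection can rest on other content; the sample should still go to Sophos as the thread recommends.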