Hi, guys
Does anybody experience in file recovery that have been cleaned by sophos intercept X, actually I’m working on POC right now and one of my client’s application suspected as PUA, based on our intercept X behaviour, the file will be recover after we allow it in the event details, but it doesn’t work the file doesn’t come back.
I have check in the clean log and I found out an error like this Failed to open "C:\Users\AHADI-ITSECURITY\Downloads\AUTOUPD_CRB.exe": error 2 and I have checked on log scan and found out an error also Failed to add target: origin=2, ref_file=C:\ProgramData\Sophos\Clean\Drop\scan_request_A92709A6-652D-49E0-B537-35C16CF5FBF5.json, ref_id=661F92D8-DA4B-4DA0-82BD-44566CB07D73_DB5BA3B5-115E-43DA-8017-4417F2DEA4FD, result=3 and the last one when I want to check the .json file the file doesn’t exist in the drop folder.
what I want to ask is, what does the error mean and whether the file can be returned? If can, what is the way to bring back the file?
regards
This thread was automatically locked due to age.
