Metasploit downloaded and installed - nothing from Sophos endpoint

Question

An admin downloaded and installed metasploit framework on a Linux Server with Intercept-X installed. 
 Nothing happened from the Sophos side. 
 I expected it to detect and alert at least a PUA we then need to whitelist. 
 As a further test I did a download of metasploit framework for windows on a windows machine. Sophos Firewall did not detect any threat. Further I did not install metasploit but did the right click scan with Sophos EP. 
 Nothing happened again. 
 I think it's strange that you allow a tool that can pentest your internal network without any notice. 
 Linux Server: 
 
 Windows EP:

LHerzog · Accepted Answer

whoever may find this: 
 The issue that the AV plugin was not installed automatically was caused by our server update base policy in central. we have enabled a day and time for updates.This causes a bug situation with the installer script. 
 most customers may have this unset, so it works. 
 
 the workaround for us is currently: 
 re-install over the existing installation ./SophosSetup.sh --products=antivirus 
 
 I'm glad that Sophos is going to have this fixed soon as regarding to the support case.

Metasploit downloaded and installed - nothing from Sophos endpoint

Top Replies