
Metasploit downloaded and installed - nothing from Sophos endpoint

An admin downloaded and installed Metasploit Framework on a Linux server with Intercept-X installed.

Nothing happened from the Sophos side.

I expected it to detect and alert on at least a PUA that we would then need to whitelist.

As a further test I downloaded Metasploit Framework for Windows on a Windows machine. Sophos Firewall did not detect any threat. Furthermore, I did not install Metasploit but did the right-click scan with Sophos EP.

Nothing happened again.

I think it's strange that you allow a tool that can pentest your internal network without any notice.

Linux Server:

Windows EP:



  • Whoever may find this:

    The issue that the AV plugin was not installed automatically was caused by our server update base policy in Central. We have enabled a day and time for updates. This causes a bug situation with the installer script.

    Most customers may have this unset, so it works.

    The workaround for us is currently:

    Re-install over the existing installation: ./SophosSetup.sh --products=antivirus

    I'm glad that Sophos is going to have this fixed soon, according to the support case.