Sophos Endpoint is detecting a CryptoGuard detected ransomware in C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2302.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
I am unsure of the reason behind this detection and would appreciate your help in resolving this issue.
Hi TareK,
Thank you for reaching out to the Sophos Community Forum. Would you be able to confirm what occurred on the device at the time of this detection? Was the application being used to download or share files?
After finding out what occurred on the device, and if you trust the application, you may apply the exclusions provided in the following article: https://support.sophos.com/support/s/article/KB-000039184?language=en_US
Let me know if this helps.
I think Sophos has to go "back to the drawing board" for this one in combination with WhatsApp. We are running into the same issue; it seems that it triggers on the ".enc" files created by WhatsApp, which are indeed encrypted files:
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\a3h2z7d7\file[2].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\a3h2z7d7\file[3].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\a3h2z7d7\file[4].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\kvz4lscj\file[1].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\kvz4lscj\file[2].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\kvz4lscj\file[3].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\kvz4lscj\file[4].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\toouzvtr\file[1].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\toouzvtr\file[2].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\toouzvtr\file[3].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\toouzvtr\file[4].enc
c:\users\???\appdata\local\packages\5319275a.whatsappdesktop_cv1g1gvanyjgm\ac\inetcache\toouzvtr\file[5].enc
However, it feels a bit far-fetched to let all customers create exclusions, and this is also impossible, since then it will be whitelisted on
Application
Path: C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2310.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
and if a new version comes out the whitelisting won't be working anymore.
Gladys
Hi Martijn,
I suggest trying the Cumulative Hotfix package to see if this has any improvements: Intercept X Advanced and Sophos Exploit Prevention cumulative hotfix
If the problem continues to persist, you may need to open a support case for our team to take a closer look into this issue.