This discussion has been locked.

Sophos Safeguard detected as ransomware

We have this on several systems so I'm surprised this is the first time it has come up:
"CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe"

Please let me know if anyone wants SDU output from the system this fired on. I've currently listed it as a global scanning exception along with C:\ProgramData\Utimaco\SafeGuard Enterprise\LocalCache. Should I put one in for c:\program files (x86)\sophos\safeguard enterprise\client\ as well?

-Gary



This thread was automatically locked due to age.
  • The exception is not working -- it keeps getting overridden:

    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:23:16-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:20:30-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:20:14-07:00
    Policy non-compliance: Device Control 2016-09-14T17:19:38-07:00
    Policy non-compliance: Tamper Protection 2016-09-14T17:19:38-07:00
    Policy non-compliance: Application Control 2016-09-14T17:19:38-07:00
    Policy non-compliance: Malware Protection 2016-09-14T17:19:38-07:00
    Real time protection disabled 2016-09-14T17:19:38-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:18:02-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:16:44-07:00
    Policy in compliance: Device Control 2016-09-14T17:16:39-07:00
    Policy in compliance: Tamper Protection 2016-09-14T17:16:39-07:00
    Policy in compliance: Application Control 2016-09-14T17:16:39-07:00
    Policy in compliance: Malware Protection 2016-09-14T17:16:39-07:00
    Real time protection re-enabled 2016-09-14T17:16:39-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:11:33-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:11:24-07:00
    Policy non-compliance: Device Control 2016-09-14T17:10:47-07:00
    Policy non-compliance: Tamper Protection 2016-09-14T17:10:47-07:00
    Policy non-compliance: Application Control 2016-09-14T17:10:47-07:00
    Policy non-compliance: Malware Protection 2016-09-14T17:10:47-07:00
    Real time protection disabled 2016-09-14T17:10:47-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:08:41-07:00
    Policy in compliance: Device Control 2016-09-14T17:08:22-07:00
    Policy in compliance: Tamper Protection 2016-09-14T17:08:22-07:00
    Policy in compliance: Application Control 2016-09-14T17:08:22-07:00
    Policy in compliance: Malware Protection 2016-09-14T17:08:22-07:00
    Real time protection re-enabled 2016-09-14T17:08:22-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:08:17-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:07:06-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:06:50-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:05:34-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:05:17-07:00
    Policy non-compliance: Device Control 2016-09-14T17:04:43-07:00
    Policy non-compliance: Tamper Protection 2016-09-14T17:04:43-07:00
    Policy non-compliance: Application Control 2016-09-14T17:04:43-07:00
    Policy non-compliance: Malware Protection 2016-09-14T17:04:43-07:00
    Real time protection disabled 2016-09-14T17:04:43-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T15:36:11-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T15:35:24-07:00
    Policy in compliance: Device Control 2016-09-14T15:35:15-07:00
    Policy in compliance: Tamper Protection 2016-09-14T15:35:15-07:00
    Policy in compliance: Application Control 2016-09-14T15:35:15-07:00
    Policy in compliance: Malware Protection 2016-09-14T15:35:15-07:00
    Real time protection re-enabled 2016-09-14T15:35:15-07:00
    Policy non-compliance: Device Control 2016-09-14T15:34:33-07:00
    Policy non-compliance: Tamper Protection 2016-09-14T15:34:33-07:00
    Policy non-compliance: Application Control 2016-09-14T15:34:33-07:00
    Policy non-compliance: Malware Protection 2016-09-14T15:34:33-07:00
    Real time protection disabled 2016-09-14T15:34:33-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T15:33:54-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T15:32:31-07:00
    Policy in compliance: Device Control 2016-09-14T15:32:00-07:00
    Policy in compliance: Tamper Protection 2016-09-14T15:32:00-07:00
    Policy in compliance: Application Control 2016-09-14T15:32:00-07:00
    Policy in compliance: Malware Protection 2016-09-14T15:32:00-07:00
    Real time protection re-enabled 2016-09-14T15:32:00-07:00
    Policy non-compliance: Device Control 2016-09-14T15:31:38-07:00
    Policy non-compliance: Tamper Protection 2016-09-14T15:31:38-07:00
    Policy non-compliance: Application Control 2016-09-14T15:31:38-07:00
    Policy non-compliance: Malware Protection 2016-09-14T15:31:38-07:00
    Real time protection disabled 2016-09-14T15:31:38-07:00
    CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T15:28:24-07:00
    CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T15:27:53-07:00
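An added example, not part of the original post and not Sophos tooling: a Python script that parses an excerpt of the event history above (lines as posted, newest first, with the "Policy ..." lines omitted) and reports, for each CryptoGuard detection, the real-time protection state at that moment and the seconds since the previous unblock of the same path. The function names are illustrative assumptions.

```python
import re
from datetime import datetime

# Excerpt of the event history posted above (newest first, as the console lists it).
EVENTS = r"""
CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:16:44-07:00
Real time protection re-enabled 2016-09-14T17:16:39-07:00
CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:11:33-07:00
CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:11:24-07:00
Real time protection disabled 2016-09-14T17:10:47-07:00
CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:08:41-07:00
Real time protection re-enabled 2016-09-14T17:08:22-07:00
CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:08:17-07:00
CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:07:06-07:00
CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:06:50-07:00
CryptoGuard unblocked process C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:05:34-07:00
CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe 2016-09-14T17:05:17-07:00
Real time protection disabled 2016-09-14T17:04:43-07:00
"""

LINE = re.compile(r"^(?P<msg>.+?)\s+(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d)$")
DETECT = "CryptoGuard detected ransomware in "
UNBLOCK = "CryptoGuard unblocked process "

def parse(text):
    """Return (timestamp, message) tuples in chronological order."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines without a timestamp cannot be ordered, so skip them
            rows.append((datetime.fromisoformat(m["ts"]), m["msg"]))
    return sorted(rows, key=lambda r: r[0])

def redetections(text):
    """Per detection: (time, path, real-time protection state, seconds since last unblock)."""
    rtp, last_unblock, out = "unknown", {}, []
    for ts, msg in parse(text):
        if msg == "Real time protection disabled":
            rtp = "disabled"
        elif msg == "Real time protection re-enabled":
            rtp = "enabled"
        elif msg.startswith(UNBLOCK):
            last_unblock[msg[len(UNBLOCK):].lower()] = ts  # Windows paths: compare case-insensitively
        elif msg.startswith(DETECT):
            path = msg[len(DETECT):]
            prev = last_unblock.get(path.lower())
            gap = int((ts - prev).total_seconds()) if prev else None
            out.append((ts.strftime("%H:%M:%S"), path, rtp, gap))
    return out

if __name__ == "__main__":
    for when, path, rtp, gap in redetections(EVENTS):
        print(f"{when}  RTP {rtp:<8}  {gap if gap is not None else '-':>4}s after unblock  {path}")
```

On this excerpt the same path is re-detected 71 to 311 seconds after each unblock, both while real-time protection is reported disabled and after it is re-enabled.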