
Sophos Safeguard detected as ransomware

We have this on several systems so I'm surprised this is the first time it has come up:
"CryptoGuard detected ransomware in C:\Windows\SysWOW64\SGN_MasterServicen.exe"

Please let me know if anyone wants SDU output from the system this fired on. I've currently listed it as a global scanning exception along with C:\ProgramData\Utimaco\SafeGuard Enterprise\LocalCache. Should I put one in for c:\program files (x86)\sophos\safeguard enterprise\client\ as well?

-Gary



  • Hello,

    We're aware of this false positive and it will be fixed for the release version. But I would like to confirm that this is the same issue as the one we are aware of.

    We will need the following sent to us:

    • File output from Sophos Diagnostic Utility (you find this from the program files menu)
    • Zipped collection of log files from C:\ProgramData\Sophos\Clean\Logs and C:\ProgramData\HitmanPro.Alert\Logs

    You can use https://www.wetransfer.com/ for free to send us the file. Suggest you zip them all together and use a password. Please send the details to me via the forum messaging.

    Thanks for the report

  • Unfortunately, I can't get the system to stay on long enough. I get a repeat of the same events posted previously then after it's detected again it shuts down. Is that expected behavior? Either way, how can I get this to stop happening so I can run SDU? If necessary I can see if we have an adapter for the M.2 SSD in it so I can collect the logs by attaching it to another system.

    Update -- I was able to shut down the HitmanPro & Clean services and that seems to have stopped the constant reboot cycle. I'll send you some data as soon as I have it gathered.

    thanks,
    Gary