Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 14 subscribers
  • Views 4591 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'Automatically submit malware samples to SophosLabs' Question

TesterA

Hi,


I'm trying to find some details regarding the 'Automatically submit malware samples to SophosLabs' option.

Are we talking here about some kind of a SandBox solution that analyses suspicious files and sends the client a response?

In other words, do i get a direct higher degree of protection with that option or is the benefit here is secondary due to the later refinements of Sophos signatures.


Thank you.



This thread was automatically locked due to age.
  • 0

    HI TesterA

    When SAV would scan the files , it would try to Match signatures for an Existing malware detected. We would collect as many Samples to analyse the files and update them globally.


    If a file is deemed potentially malicious by a scan but cannot be positively identified as malicious based on its characteristics alone, a Live Protection (SXL4) lookup will allow Sophos to request a sample of the file as has previously been possible in Sophos Anti-Virus for Windows. If this option is enabled and Sophos does not already hold a sample of the file, the file is submitted automatically.

    The queries are used to determine the reputation of a file or URL. The data sent includes file names, file hashes, URLs.

    The SXL4 queries are done over HTTPS connections to the Sophos SXL4 server.

    Submission of such sample files helps Sophos to continuously enhance detection of malware without the risk of false positives.

    Taken from Article 124264

    https://community.sophos.com/kb/en-US/124264

    Hope this would answer your Query.

    Thanks and Regards 

    Aditya Patel | Network and Security Engineer.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Hi Aditya and thanks for your response.

    From what i understand from the article, Only the hash of the file is being sent and not the whole file, is that a definite fact?

    Thank you.

Unfiltered HTML