Under Review

Live Response - Using command line tools to check files

There are a number of tools installed on the endpoint for evaluating files.  For example:

SAV32CLI.exe

SAV32CLI is part of the Sophos Anti-Virus component. To scan a folder or file from the command line, you could run the following, followed by the path you want to scan:

sav32cli.exe -dn -ns -mrlog -pua -controlled -suspicious

On 64-bit Windows it is installed in "C:\Program Files (x86)\Sophos\Sophos Anti-Virus". The switches given above will list each file as it is scanned, and -controlled will also report detections by application control identities.

MLFileInfo.exe

This command-line tool is part of Sophos Endpoint Self Help and provides information about a file. It is installed in "C:\Program Files\Sophos\Endpoint Self Help\". Run from PowerShell in that folder, an example command to check notepad.exe would be the following (the tool emits JSON, so the output is piped to ConvertFrom-Json):

./MLFileInfo.exe --filepath "C:\windows\notepad.exe" | convertfrom-json

Regards,

Jak
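As an added example (not part of Jak's post and not Sophos' own code), the two commands above can be wrapped into a small live-response helper so that a list of suspect files is checked in one go and the results are kept for the case file. The install paths and the command-line switches are exactly the ones given in the post; everything else is an assumption: the JSON schema of MLFileInfo's output is not assumed beyond "it is JSON", the SHA-256 and CSV export are additions for evidence handling, the meaning of sav32cli's exit code is not interpreted (only captured), and the sample file paths are constructed.

```powershell
# Added example, not from the original post. Wraps sav32cli.exe and MLFileInfo.exe
# (paths and switches as given in the post) into reusable live-response functions.
# Assumptions: MLFileInfo writes a JSON document to stdout (schema not assumed);
# sav32cli accepts the target path after its switches; exit code is captured only.

$SavDir   = 'C:\Program Files (x86)\Sophos\Sophos Anti-Virus'   # 64-bit Windows, per the post
$SelfHelp = 'C:\Program Files\Sophos\Endpoint Self Help'

function Get-SophosFileInfo {
    param([Parameter(Mandatory)][string]$Path)
    $exe = Join-Path $SelfHelp 'MLFileInfo.exe'
    if (-not (Test-Path -LiteralPath $exe))  { throw "MLFileInfo.exe not found at $exe" }
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }
    # MLFileInfo prints JSON; collect all output lines into one string before parsing.
    $raw  = & $exe --filepath $Path 2>&1 | Out-String
    $info = $raw | ConvertFrom-Json
    # Added for evidence handling: record a SHA-256 alongside the tool's verdict.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [pscustomobject]@{ Path = $Path; Sha256 = $hash; MLFileInfo = $info }
}

function Invoke-SavScan {
    param([Parameter(Mandatory)][string]$Target)
    $exe = Join-Path $SavDir 'sav32cli.exe'
    if (-not (Test-Path -LiteralPath $exe)) { throw "sav32cli.exe not found at $exe" }
    # Switches exactly as in the post; the file or folder to scan is appended.
    $output = & $exe -dn -ns -mrlog -pua -controlled -suspicious $Target 2>&1
    [pscustomobject]@{
        Target   = $Target
        ExitCode = $LASTEXITCODE          # captured, not interpreted
        Output   = ($output -join "`n")
    }
}

# Usage: check a list of suspect files with MLFileInfo and keep the results as CSV.
# The paths below are constructed sample input.
$suspects = @('C:\Windows\notepad.exe', 'C:\Users\Public\dropped.exe')
$results = foreach ($p in $suspects) {
    if (Test-Path -LiteralPath $p) { Get-SophosFileInfo -Path $p }
    else { Write-Warning "Skipping missing file: $p" }
}
$results | ForEach-Object {
    [pscustomobject]@{
        Path           = $_.Path
        Sha256         = $_.Sha256
        MLFileInfoJson = ($_.MLFileInfo | ConvertTo-Json -Compress -Depth 10)
    }
} | Export-Csv -NoTypeInformation -Path "$env:TEMP\mlfileinfo-results.csv"

# A single sav32cli scan of a folder, keeping the exit code with the output.
$scan = Invoke-SavScan -Target 'C:\Users\Public'
"sav32cli exit code: $($scan.ExitCode)"
```

Because MLFileInfo's output shape is not assumed, the parsed object is stored whole (re-serialised as compact JSON in the CSV) rather than picked apart into named columns; once you know which fields matter for your triage you can project them out in the ForEach-Object block. Test-Path checks on both the tools and the targets keep a missing file from silently producing an empty record.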