This article lists the different methods you can use to test if your Sophos Endpoint detection features are working correctly. You can test these items from any endpoint computer on your network.
The following sections are covered:
NOTE: All the files and links in this article are completely harmless. They are designed to make the anti-virus software recognize them as if they were a virus, and a successful test results in a detection.
NOTE: The EICAR test string is not a virus; it is an industry standard detection test. Sophos Anti-Virus will report its presence as EICAR-AV-Test virus.
If the on-access scanner is enabled and functioning correctly, you should see a detection.
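One way to run the on-access check described above from a PowerShell prompt. This is an added example, not a script from the original article; the function name, file path and wait time are assumptions chosen for illustration.

```powershell
# Added example: writes the standard EICAR test string to a file and reports
# whether on-access scanning blocked, removed or altered it.
function Test-OnAccessEicar {
    param(
        [string]$Path = (Join-Path $env:TEMP 'eicar-test.com'),  # assumed test location
        [int]$WaitSeconds = 5                                    # assumed scanner reaction time
    )
    # Standard 68-character EICAR test string, joined from two halves so that
    # this script file does not itself contain the full string on disk.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

    try {
        [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        return [pscustomobject]@{ Detected = $true; Detail = "Write blocked: $($_.Exception.Message)" }
    }

    Start-Sleep -Seconds $WaitSeconds

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Detected = $true; Detail = 'File was removed after being written' }
    }
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
    } catch {
        return [pscustomobject]@{ Detected = $true; Detail = "Read blocked: $($_.Exception.Message)" }
    }

    # File is still present and readable: clean up, then compare its size.
    Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    $intact = ($bytes.Length -eq $eicar.Length)
    $detail = if ($intact) {
        'File written and read back unchanged; check that on-access scanning is enabled'
    } else {
        'File content was altered after being written'
    }
    [pscustomobject]@{ Detected = (-not $intact); Detail = $detail }
}

Test-OnAccessEicar
```

A result of `Detected = True` should be accompanied by the EICAR-AV-Test alert mentioned above.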
Use the Sophos Web Security and Control Test Site by SophosLabs to test the Sophos web protection and web control functionality.
Use the Sophos Web Security and Control Test Site - Reputation webpage by SophosLabs to test the download reputation functionality.
To test the HIPS feature, do the following:
' Create, then delete, a test key under HKCU\SOFTWARE\Sophos\HIPSTest
Set t = WScript.CreateObject("WScript.Shell")
t.RegWrite "HKCU\SOFTWARE\Sophos\HIPSTest\", ""
t.RegDelete "HKCU\SOFTWARE\Sophos\HIPSTest\"
Set t = Nothing
After running the script, the quarantine should show wscript, as well as the suspicious behavior setting in the Sophos Anti-Virus GUI.
To test the MTD feature, do the following:
' Request the MTD test URL; rnd appends a random number to the address
set o = createobject("MSXML2.XMLHTTP")
o.open "GET", "http://sophostest.com/mtdtest/2/" & rnd, FALSE
o.send
If the MTD feature is active, you will receive a C2/generic-B detection on the endpoint. The Sophos Network Threat Protection feature must be installed for MTD to function. This is only available in Sophos Cloud and Sophos Enterprise Console 5.3.0 with managed 10.6.0 and above.
NOTE: All of the files contained in this article should be used for testing purposes only.