The Sophos Community will be offline for scheduled maintenance this Saturday, May 27th, at 13:00 UTC for approximately 1 hour. Apologies for any inconvenience caused.
"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
You have received a firewall event (in Enterprise Console) or message (on the endpoint) for a hidden process 'SAVProxy.exe', launched by %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe.
Known to apply to the following Sophos product(s) and version(s)
Sophos Anti-Virus for Windows 2000+ 9.5.0Sophos Client Firewall 2.5.0Enterprise Console 4.5.0
Allow all the hidden processes launched by ALMon.exe to be launched and then restart the computer.
SAVProxy.exe is part of the new Sophos component responsible for Sophos Live Protection sample submission. This process is responsible for setting the proxy to be used for Live Protection sample submission, and that feature will not be enabled until the endpoint computer is restarted.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.