Note: This article is to be used with the Sophos Endpoint Self Help (ESH) tool found in Sophos Central Windows Endpoints only.
This article is linked from the ESH tool and provides further information on the File Info page.
The File Info page provides a method to analyze PE files (Portable Executable) to display the characteristics used by Sophos to determine whether the file is a controlled application, it's reputation, whether it's malicious or a potentially unwanted application (PUA).
Other file types will display limited information only.
The following section are covered:
Applies to the following Sophos products and versions Endpoint Self Help Tool
The default display when clicking on the Tools | File Info page will show the following:
You can either drag and drop a file into the box or alternatively, browse to a location and select a file to access.
After a few seconds the window will display a number of sections:
Note: The results being displayed can differ depending on the file being analyzed.
Note: This section will only display information for customers with an Intercept X license.
You will not be able to copy detected malware or PUA files to this page, so the section will always show a green tick against the score. The only exceptions are where the file has been added to the 'Allowed Applications' list by the Administrator in Sophos Central or updated by Sophos via the reputation data. In such instances you will see this referenced in the Local Reputation or Global Reputation sections under 'Lookup Type'.
For Intercept X customers with the Deep Learning functionality, if you have a PE file that is not detected as malware and there are reasons it should be detected as malware, follow the guidance in the following article to submit a sample to SophosLabs:
browse for a file...
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.