When attempting to submit a sample of a detected item, the on-access scanner prevents it from being sent. You may see errors such as access denied or the file contains no data.
This article explains the process for submitting detected samples that are blocked by the on-access (real-time) scanner.
Applies to the following Sophos products and versions: Sophos Anti-Virus for Mac OS X, Sophos Anti-Virus for Windows 2000+, Sophos Anti-Virus for Linux
Identify your reason for obtaining the sample from the following scenarios:
It is unlikely that a sample of this file is required.
If you get an error message when running a cleanup:
The safest way to collect a file that requires investigation is to use the Sophos Anti-Virus scanner to move and rename it. Using this method, a safer exclusion can be added which allows submission via the Sophos website.
C:\Documents and settings\All Users\Application Data\Sophos\Sophos Anti-Virus\INFECTED
sweep [filename] -rename
NOTE: The on-access scanner will intercept the file that you are attempting to upload via the Sophos website, so a temporary on-access exclusion will be required.
savscan [path to file] [path to another file] -rename
NOTE: The on-access scanner will intercept the file that you are attempting to upload via the Sophos website, so a temporary on-access exclusion will be required:
The web submission channel uses HTTPS and encryption and therefore complies with regulations for secure data exchange.