
PUA not detected - hides itself while scanning

Hi,

On one of our servers a PUA is running; no matter what we tried (online scan / offline scan), it is not detected. The PUA uses some kind of stealth mode. When you try to execute a scan on an affected file you can see that the mouse pointer moves away from the selected file. Of course, we can clean the server with a fresh install; my intent is to be able to detect such software.

What is the recommended way to proceed?

Regards



  • Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian

  • Hi  

    Would you please suggest the Sophos product you are using? Also, if you could please submit a sample to Sophos. 

    Shweta

    Community Support Engineer | Sophos Technical Support

     

  • QC said:

    Hello Administrator User124,

    what is an affected file? Some file (executable) you suspect is related to this PUA?

    For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

    Christian

     

    Hi Christian,

    Thanks for your help. We already used the Linux ISO for an offline scan, but unfortunately it was not detected. We also tried some other offline tools from other vendors without success.

    Affected files, or better to say related files: it looks like when accessing the files directly they seem more or less clean; when we try to create a dump while the services are running we receive the error:

    "Error configured dump resources: The system cannot find the file specified"

    @Shweta

    We use on-premise Endpoint Protection Standard; for this case we applied for an Intercept X trial and migrated the server to Sophos Central. Also there it was not detected.

    We already contacted support; as soon as we have more information I will update this thread with more detailed information.

    regards