This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PUA not detected - hides itself while scanning

HI,

on one of our server is a PUA running, no matter what we tried (online scan / offline scan) it is not detected. The PUA uses some kind of stealth mode. When you try to execute scan on an affected file you can see that the mousepointer moves away from the selected file. Off course, we can clean the server with fresh install, my intent is to be able to detect such software.

What is the recommended way to proceed ?

regards

This thread was automatically locked due to age.

0 QC over 3 years ago

Hello Administrator User124,

what is an affected file? Some file (executable) you suspect is related to this PUA?

For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Shweta over 3 years ago

Hi Administrator User124

Would you please suggest the Sophos product you are using? Also, if you could please submit a sample to Sophos.

Shweta

Community Support Engineer | Sophos Technical Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Administrator User124 over 3 years ago in reply to QC

QC said:

Hello Administrator User124,

what is an affected file? Some file (executable) you suspect is related to this PUA?

For a start, please see the Sophos Malware Remediation Toolkit (SMaRT).

Christian

Hi Christian,

thanks for your help, we already used the Linux ISo for an offline scan, but unfortunatly it was not detected. We also tried some other offline tools from other vendors without success.

Affected files, better to say related files, looks like when accessing the files directly they seem more or less clean, when we try to create a dump while the services are running we receive the error:

"Error configured dump resources: The system cannot find the file specified"

@Shweta

We use on premise Endpoint Protection standard, for this case we applied for an InterceptX trial and migrated the server to Sophos Central , also there it was not detected

We allready contacted the support, as soon a we have more informations i will updated this thread with more detailed informations.

regards
Cancel
Vote Up 0 Vote Down

Cancel