Hello erwin ferrer,

could you provide at least some details? In case of an apparently successful malware the console version (and also the SAV version) is all but irrelevant. What happened, how many endpoints are affected, what is it that you want to remove, which files have to be recovered?

Christian

Hi Christian,

 My sophos enterprise console 5.4.0 cant detect ransomware.

I already got the answer from the support.  We need to upgrade our SEC with Exploit

prevention. 

But here is my question. Can Sophos decrypt ransomware? 

.ransomed@india / Crypton

Hello erwin ferrer,

console 5.4.0 cant detect ransomware
to avoid misconceptions: It is never the console that detects something, it's always the (AV) software on the endpoint. Though SEC 5.5+ is required to be able to download and manage the additional (license required) EXP product (ransomware protection, exploit prevention, Clean)

decrypt
I'm afraid, unless the ransomware is flawed (which it rarely is) it's, while theoretically not impossible, not feasible to decrypt the files without the key.

Christian 

Thanks, Sir Christian. very appreciated! 

Hi erwin ferrer,

Just to clarify few things: The endpoint or the Enterprise console will not decrypt any of the encrypted files. 

The endpoint client can however back and restore in the event of suspicious encryption activity is being detected.

Thanks Gowtham for the info.