
Process flagged as Ransomware

We have several applications (console/web/service) that share some code to encrypt/decrypt files. Sophos intermittently flags this as ransomware, whether it be from the host running the application or the file server. We have tried whitelisting the process names but still see blocking issues.

 

Wondering if there is some way to embed some metadata into the processes that Sophos can read and we can whitelist this on our end. Does anyone know if something like this is possible?



This thread was automatically locked due to age.
  • Hello Jon Airey,

    (please no crossposts)

    whitelisting the process names
    how did you try to do it? AFAIK both Central Admin and SEC 5.5.1+ enable you to make exclusions - though this isn't done by whitelisting the process names but in response to the respective detections. If it's a Remote Detection then you'd likely have to turn off this feature on the server, as the only identifying attribute of the assumed attack is the remote IP.

    Christian
