On-Premise Endpoint

Sophos Endpoint Software Sophos Anti-Virus flagging ZoneAlarm file as suspicious

On-Premise Endpoint requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 4 replies
Subscribers 1 subscriber
Views 3707 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Anti-Virus flagging ZoneAlarm file as suspicious

carina over 14 years ago

Sophos Anti-Virus 7.6.16 (with latest updates) has sent a file to quarantine which apparently belongs to ZoneAlarm.

The file in question is C:\Program Files\Checkpoint\ZAForceField\Plugins\ISWHRSRV.dll.

Sophos identifies it as suspicious, of type Sus/VB-AM.

I can find no reference to either ISWHRSRV.dll or Sus/VB-AM on either the Sophos or ZoneAlarm websites.

Does anybody know if this is really a suspicious file or is it a false trip from Sophos ?

This thread was automatically locked due to age.

Parents

0 DetlevRackow over 14 years ago

Hi,
"suspicious behaviour" is not based on hard facts like a known virus. It is based on a certain kind of behaviour like changing network parameters, adding autostart entries in the registry et al.
This can and will cause false positives, as there is software which does this legitimately. Therefore, you will need to declare these applications as harmless. This is done in the AV-policy in "Authorizations".
Since Sophos offers a full-featured firewall, I don't see a reason to use ZoneAlarm on a machine which is protected by Sophos Endpoint Security.
Best regards,
Detlev
:1466
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 DetlevRackow over 14 years ago

Hi,
"suspicious behaviour" is not based on hard facts like a known virus. It is based on a certain kind of behaviour like changing network parameters, adding autostart entries in the registry et al.
This can and will cause false positives, as there is software which does this legitimately. Therefore, you will need to declare these applications as harmless. This is done in the AV-policy in "Authorizations".
Since Sophos offers a full-featured firewall, I don't see a reason to use ZoneAlarm on a machine which is protected by Sophos Endpoint Security.
Best regards,
Detlev
:1466
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data