.
i am unable to resolve this malicious behavior threat, can anyone suggest some help?
This thread was automatically locked due to age.
.
i am unable to resolve this malicious behavior threat, can anyone suggest some help?
Hello Paul Michel
Can you please send a screenshot instead, of what you're seeing? Is Sophos detecting it and cleaning it up? Or is Sophos not detecting it or not cleaning it up?
I don't have a machine that I can download and test with.
Also if you would like to have that file looked at, please send it as a sample to have Sophos Labs review it?
Hello Paul Michel
Can you please send a screenshot instead, of what you're seeing? Is Sophos detecting it and cleaning it up? Or is Sophos not detecting it or not cleaning it up?
I don't have a machine that I can download and test with.
Also if you would like to have that file looked at, please send it as a sample to have Sophos Labs review it?
Dianne,
The word document that i inserted into my post has a screen shot of the sophos dashboard view.
It appears to me that sophos has quarantined the file and marked it as "RED" high threat. I have located the file on the computer and tried to remove it, but it says that i require permission from trustedinstaller.
Please let me know if you are not able to open the screenshot.
Thanks,
PaulM.
Hello PaulM Paul Michel
I see thank you. I've seen this type of detection before and I have a suggestion on how you can possibly get past it.
For this, most times it is not cmd.exe that is causing the problem. It is likely that there is a script running cmd.exe, and is executing some bad stuff, that Sophos is detecting.
Tools like Microsoft Autoruns, may help in finding out where this script is so you can delete it. This related post may help in resolving this detection.