
Malicious behavior event will not resolve

Doc1.docx


I am unable to resolve this malicious behavior threat. Can anyone suggest some help?



This thread was automatically locked due to age.
  • Hello  

    Can you please send a screenshot of what you're seeing instead? Is Sophos detecting it and cleaning it up? Or is Sophos not detecting it or not cleaning it up?

    I don't have a machine that I can download and test with.

    Also, if you would like to have that file looked at, please send it as a sample so Sophos Labs can review it.

  • Dianne,

    The Word document that I inserted into my post has a screenshot of the Sophos dashboard view.

    It appears to me that Sophos has quarantined the file and marked it as "RED" high threat. I have located the file on the computer and tried to remove it, but it says that I require permission from TrustedInstaller.

    Please let me know if you are not able to open the screenshot.

    Thanks,

    PaulM.


  • Hello PaulM  

    I see, thank you. I've seen this type of detection before and I have a suggestion on how you can possibly get past it.

    For this, most times it is not cmd.exe that is causing the problem. It is likely that there is a script running cmd.exe and executing some bad stuff, which Sophos is detecting.

    Tools like Microsoft Autoruns may help in finding out where this script is so you can delete it. This related post may help in resolving this detection.
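A scripted version of the check the reply above describes (look through the usual autostart locations for whatever is launching cmd.exe or a script), added here as an example and not code from the thread or from Sophos. It assumes the `Find-SuspectAutostart` function name and the interpreter/extension pattern list, which are illustrative; Autoruns covers far more locations than the Run keys, startup folders and scheduled tasks checked here.

```powershell
# Added example, not from the thread: list common Windows autostart locations and flag
# entries that launch cmd.exe or a script interpreter, to locate the script behind a
# "malicious behavior" detection on cmd.exe. Read-only; run in an elevated PowerShell.
# The pattern list and function name are assumptions for illustration.

$Suspect = 'cmd\.exe|wscript|cscript|powershell|mshta|\.bat\b|\.cmd\b|\.vbs\b|\.js\b|\.ps1\b'

function Find-SuspectAutostart {
    $found = New-Object System.Collections.Generic.List[object]
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # skip PowerShell's own metadata properties
            if ("$($p.Value)" -match $Suspect) {
                $found.Add([pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value })
            }
        }
    }
    # Startup folders: anything here runs at logon, so list every file
    foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
        foreach ($f in (Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue)) {
            $found.Add([pscustomobject]@{ Source = 'StartupFolder'; Name = $f.Name; Command = $f.FullName })
        }
    }
    # Scheduled tasks whose action launches cmd.exe or a script
    foreach ($task in (Get-ScheduledTask -ErrorAction SilentlyContinue)) {
        foreach ($a in $task.Actions) {
            $cmdline = "$($a.Execute) $($a.Arguments)"
            if ($cmdline -match $Suspect) {
                $found.Add([pscustomobject]@{ Source = "Task:$($task.TaskPath)"; Name = $task.TaskName; Command = $cmdline })
            }
        }
    }
    return $found
}

# Review each hit before deleting anything; the Command column shows what is actually launched.
Find-SuspectAutostart | Format-Table -AutoSize -Wrap
```

Legitimate software also registers Run entries and tasks, so treat a hit as a lead to inspect (the file it points to, its signer, its creation time), not as proof of the culprit.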

