This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Not cleanable viruses...

Hi,

Tried finding some articles on the matter to no avail...every now and then I get a virus notification for an end point PC that is classed "not cleanable". I look it up on the Sophos Website to see if there is any info on it, usually not so I try to submit a sample. The log lists the file location, usually in the temp internet files but whenever I try to locate the file I can never get to the bottom of the file path as it simply isn't there and there is nothing in the end point PC's quarantine.

So just wondering what the go is here, how can I submit samples of uncleanable viruses when I can never obtain a copy of the files?

What is the general process everyone else uses when confronted with the same situation?

Thanks,

Craig

This thread was automatically locked due to age.

Parents

0 QC over 14 years ago

Hello Craig,

will Sophos still rename their file extensions

yes. Of course a writable excluded share will pose an additional risk - "something" (other than Sophos) could write a malicious executable to it and could instruct the host to run it (therefore I have the share on a workstation) but - someone should correct me if I'm wrong - this is very unlikely and anyway would have to "restrict" itself to this folder to remain undetected.

Christian
:6669
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 14 years ago

Hello Craig,

will Sophos still rename their file extensions

yes. Of course a writable excluded share will pose an additional risk - "something" (other than Sophos) could write a malicious executable to it and could instruct the host to run it (therefore I have the share on a workstation) but - someone should correct me if I'm wrong - this is very unlikely and anyway would have to "restrict" itself to this folder to remain undetected.

Christian
:6669
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data