This discussion has been locked.

Endpoint Protection Advanced can't recognize the adware Trojan.Siggen6.24611.

Hello to all who use such software.

I've encountered an issue in my network: the adware Trojan.Siggen6.24611 is present on a number of computers and it can be cured only manually and by third-party malware removal software, but  Also I can periodically observe that Sophos stays passive towards different types of adware and doesn't even recognize it as a threat.

I checked all the settings in the Sophos console on the server side, and the console doesn't even show the presence of the adware.

Is it possible to add the name of adware to the database of Sophos and in this way make it find such threat?

If someone has had such a problem, please leave some comments or solutions to this problem, because now it's not so critical to resolve this issue on a couple of computers, but I'm not sure that it would be straightforward to cure hundreds of computers, which I run in my network.

By the way, I use fully licensed Endpoint Protection Advanced software and the licence will expire only in 2017.

I'll be so grateful for any ideas and comments that spring to your mind.

Kind regards, Oleg.



  • Hello Oleg,

    Trojan.Siggen6.24611 is a vendor's name for a (in this case specific) detection and doesn't really describe what this is. There's no naming standard or global directory which would provide a mapping. Using it is similar to saying "Does hardware store B also sell the item numbered 93178612 I've seen at store A?".
    Searching for the name I've found it at the vendor's site and two listings at VirusTotal, one from 2014 and the other fairly recent. In both cases Sophos detected it as Mal/Generic-S - if it doesn't at your site then (assuming your settings are correct and Sophos is up to date) it's perhaps some variant which is this time not detected generically. You should submit a sample with the submission form, please do so. Normally it takes just a few hours until a specific detection (and an associated cleanup) is available.

    "add the name of adware to the database"
    It's not that simple - the adware must be positively and unambiguously identified, with what should just the name be compared? Please note also that it's the scanning engine which has to recognize the unwanted software - and its strategy is tuned for on-access protection from malware and based on file-scanning. Nevertheless it is possible to detect all kinds of adware this way but it's a byproduct. Again - please send samples if you think something should be detected and blocked (you can also submit requests for application control - legitimate software which you don't want to be used at your site).

    Christian
