This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

html.exploit.CVE_2016_0108

We are using vmware virtual desktops with persona management, and Sophos Security VM's for antivirus.  We have some users that store their profiles on a QNAP turbo nas.  We have turned on the qnap anti virus scanner to scan their profiles for any virus activity.  The qnap keeps finding this --> html.exploit.CVE_2016_0108 in their user profiles.


How is this getting saved in their profile?  Shouldn't the security vm be catching this before it ever gets written to their profile?


I know microsoft just issued a windows update this week to patch the hole in IE 11 that this file uses.

Any suggestions?

Thanks

Charles



This thread was automatically locked due to age.
  • Hi Charles,

    I wouldn't be able to tell you how the threat is getting saved in their profiles. It could be a number of reasons.

    A few things to note that might help. You may already have this in place and know about:

    -ssvm does not covers all the features a full SAV does. for ex. it does not do: Web Protection and also some other features.

    -ssvm v2 is requred for automatic cleanup.

    -ssvm automatic cleanup is not enabled by default, there is additional configuration needed in order for this to work.

    Do you actually see the threat in SEC as being detected by ssvm?

    Is the scanning on the QNAP using a Sophos engine?

    Thanks,

    Voicu