Malicious Traffic Detection

It's because mtd.vbs uses wscript.exe (Windows-Based Script Host) to execute, this means the actual running application is wscript.exe and the detection quite rightly is against this. In a real world scenario the detection would be against an actual piece of Malware rather than a vbs script.

Hope this helps.

Craig

Thanks.... I asked that question to support@sophos.com.   2 weeks and a few Emails later, no answer. They even asked me to send them a sample.....  I should probably come here more often.

Ok, that's  disappointing -  PM me your case no, I'll follow it up with the engineer who dealt with it. 

Ok, that's  disappointing -  PM me your case no, I'll follow it up with the engineer who dealt with it.