
Zixmail by Zixcorp Outlook email encryption

Hello, I've searched the Sophos community sites heavily but am unable to locate proper steps to exclude Zixmail encryption from being identified as a false positive for Crypto/Ransomware. It's triggering Sophos cleaning each time a user initiates their Zixmail plug-in, both with and without attachments.

Any help is greatly appreciated.



This thread was automatically locked due to age.
  • Hello John Orr,

    the proper steps are not to exclude Zixmail encryption (or any other legitimate software) but to submit a sample (don't worry that it says malicious file - it's for submitting false positives as well). Usually it takes just some hours until a suitable detection update is available.

    Christian

  • It's not an infection, it's the Zixmail Outlook 2016 plug-in that invokes Sophos cleanup thinking there's an infection causing encryption. I've had this happen for some other users at the same site and just want to ensure SAV knows the Zix process is safe instead of reporting it as an issue.

  • Hello John Orr,

    I had hoped that I was clear enough in saying "it's for submitting false positives as well". OK, could have added to "a suitable detection update" the words "which will identify the plug-in as legitimate and not flag it as ransomware". You yourself are saying "[I] want to ensure SAV knows the Zix process is safe" - but it seems you are thinking of an exclusion. An exclusion would tell SAV to simply pass over it so that it couldn't tell whether it is safe or not.

    Christian