Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 4283 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Event ID: 47

kartheek manthena

Hi Team,

We are using sophos endpoint security and control version 10. We got an event id 47 description as "Scanning of C:\Users\sam\Desktop\1dwm.exe has been stopped because too many items were detected". 

Is this a threat?

Please check and update us with your findings as soon as possible.

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hello kartheek manthena,

    please check
    neither Sophos and least of all us Community members can remotely check (even if we were able to determine who and where you are).
    Is this a threat?
    The scanning stopped isn't - it only tells you there's more than one reason to consider this file malicious and scanning for more evidence would be redundant. The too many items alert is preceded by one or more detections. The Anti-Virus and HIPS log (%ProgramData%\Sophos\Sophos Anti-Virus\logs\SAV.txt) will have the details and which actions (if any) have been performed on the offending item.

    Christian

Reply
  • 0

    Hello kartheek manthena,

    please check
    neither Sophos and least of all us Community members can remotely check (even if we were able to determine who and where you are).
    Is this a threat?
    The scanning stopped isn't - it only tells you there's more than one reason to consider this file malicious and scanning for more evidence would be redundant. The too many items alert is preceded by one or more detections. The Anti-Virus and HIPS log (%ProgramData%\Sophos\Sophos Anti-Virus\logs\SAV.txt) will have the details and which actions (if any) have been performed on the offending item.

    Christian

Children
No Data
Unfiltered HTML