
Cyber Security Essentials Plus for Mac .exe problem

Hello!

We're being tested for Cyber Security Essentials Plus

90% of our computers are Mac 10.11.6 the rest Windows 10.

We have; Sophos Cloud, Endpoint Advance protection

Part of the test includes downloading and executing malicious files. Most of the files are detected by Sophos AV and cleaned up, but avtest.exe is not, which is a problem because the file remains accessible on the host machine (Mac) and the assessment criteria require that the files are auto cleaned and removed. This avtest.exe is detected and placed in the quarantine but not auto cleaned and removed.

The detection shows this: PUA detected: 'Gsecdump' at '/Users/cyberuser/Downloads/avtest.exe'

I've attempted editing the policies for Web to block all etc. but nothing seems to change.

I'm a bit stuck. I have raised a support request with Sophos...

Anyone had this issue before?

Kindest regards,

Leo. 

  • Hi,

    This is only detected as a Potentially Unwanted Application (PUA) [https://community.sophos.com/kb/14887] so it's not classified as malware.  It's more a control feature to enable the admin to allow certain users to run certain applications that may be considered questionable, hence you can authorise but by default they are just blocked.

    In the "Threat Protection" policy, under remediation, there is an option to "Automatically clean up malware", but this isn't malware, it's a PUA. I don't believe there is auto-cleanup (although offered in the Quarantine Manager interface) on PUAs.

    Not sure if it helps.

    Regards,

    Jak

  • Hi Leo, 

    Could you please share the support ticket number through PM. In the meantime please refer to this article: "How to remove malware from a Mac OS X computer". Let me know if this helps resolve your issue.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support

  • Hi Jak,

    Thanks for the information anyway.

    I'll keep looking for a way to control this PUA detection even if it's a temporary workaround else we shall fail this assessment which is not good.

    Kindest regards,

    Leo.

  • Hello,

    Thanks for sharing the 'how to remove malware' link. I'm going to change the local default value from: "Clean up threat and Deny access" to "Delete threat" which should hopefully work. I shall re-test and let you know.

    Many thanks,

    Leo.
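The thread turns on an end-state question: after the endpoint product has acted, is each downloaded test file gone, present but blocked ("Clean up threat and Deny access"), or still readable on the host (the case that fails the assessment criterion)? The script below is an added example, not code from this thread or from Sophos; it audits a download directory for a known list of test file names and classifies each one. The directory path, the file names other than avtest.exe, and the placeholder contents are constructed for the demonstration.

```python
"""Post-remediation audit of an assessment download directory.

Added example: this is not code from the forum thread or from Sophos. It checks
only the end state the assessment cares about, namely whether each test file is
absent, present but access-denied, or still readable on the host.
"""
import os
import tempfile
from pathlib import Path

ABSENT = "absent"          # file no longer exists (deleted by remediation)
DENIED = "denied"          # file exists but cannot be read ("deny access" style remediation)
ACCESSIBLE = "accessible"  # file exists and is readable: the failing case for the assessment


def classify(path):
    """Classify one test artefact path as ABSENT, DENIED or ACCESSIBLE."""
    p = Path(path)
    if not p.exists():
        return ABSENT
    try:
        with open(p, "rb") as fh:
            fh.read(1)
    except PermissionError:
        return DENIED
    return ACCESSIBLE


def audit(download_dir, expected_names):
    """Return {name: state} for every expected test file under download_dir."""
    return {name: classify(Path(download_dir) / name) for name in expected_names}


def remediation_passed(download_dir, expected_names):
    """True only when no test file remains readable on the host."""
    return all(state != ACCESSIBLE
               for state in audit(download_dir, expected_names).values())


def demo():
    """Constructed scenario: two placeholder files, one removed, one left behind.

    'avtest.exe' is the name from the thread; 'sample.exe' is a constructed
    placeholder name. Neither file holds real sample content.
    """
    names = ["sample.exe", "avtest.exe"]
    with tempfile.TemporaryDirectory() as d:
        for name in names:
            (Path(d) / name).write_bytes(b"constructed placeholder, not a real sample")
        (Path(d) / "sample.exe").unlink()  # simulate a 'Delete threat' remediation
        return audit(d, names), remediation_passed(d, names)


if __name__ == "__main__":
    states, ok = demo()
    for name, state in states.items():
        print(f"{name}: {state}")
    print("PASS" if ok else "FAIL: readable test files remain")
```

After a real test run you would call `audit("/Users/cyberuser/Downloads", [...])` with the actual list of downloaded file names; a DENIED result shows that an access-deny remediation fired without deleting the file, which is exactly the distinction between the two policy values discussed above.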