Hello!
We're being tested for Cyber Security Essentials Plus
90% of our computers are Mac 10.11.6 the rest Windows 10.
We have; Sophos Cloud, Endpoint Advance protection
Part of the test includes downloading and executing malicious files. Most of the files are detected by Sophos AV and cleaned up but avtest.exe is not which is a problem because the file remains accessible on the host machine (Mac) and the assessment criteria requires that the files are auto cleaned and removed. This avtest.exe is detected and placed in the quarantine but not auto cleaned and removed.
The detection shows are this:PUA detected: 'Gsecdump' at '/Users/cyberuser/Downloads/avtest.exe'
I've attempted editeding the policys for Web to block all etc but nothing seems to change.
I'm a bit stuck. I have raised a support request with Sophos...
Anyone had this issue before?
Kindest regards,
Leo.
This thread was automatically locked due to age.
