Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 9251 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cyber Security Essentials Plus for Mac .exe problem

leo pickford

Hello!

We're being tested for Cyber Security Essentials Plus

90% of our computers are Mac 10.11.6 the rest Windows 10.

We have; Sophos Cloud, Endpoint Advance protection

Part of the test includes downloading and executing malicious files. Most of the files are detected by Sophos AV and cleaned up but avtest.exe is not which is a problem because the file remains accessible on the host machine (Mac) and the assessment criteria requires that the files are auto cleaned and removed. This avtest.exe is detected and placed in the quarantine but not auto cleaned and removed.

The detection shows are this:PUA detected: 'Gsecdump' at '/Users/cyberuser/Downloads/avtest.exe'

I've attempted editeding the policys for Web to block all etc but nothing seems to change.

I'm a bit stuck. I have raised a support request with Sophos...

Anyone had this issue before?

Kindest regards,

Leo. 

 
 


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    This is only detected as a Potentially Unwanted Application (PUA) [https://community.sophos.com/kb/14887] so it's not classified as malware.  It's more a control feature to enable the admin to allow certain users to run certain applications that may be considered questionable, hence you can authorise but by default they are just blocked.

    In the "Threat Protection" policy, under remediation, there is an option to "Automatically clean up malware" but this isn't malware it's a PUA.  I don't believe there is auto-cleanup (although offered in the Quarantine Manager interface) on PUAs.

    Not sure if it helps.

    Regards,

    Jak

  • 0 in reply to jak

    Hi Jak,

    Thanks for the information anyway.

    I'll keep looking for a way to control this PUA detection even if it's a temporary workaround else we shall fail this assessment which is not good.

    Kindest regards,

    Leo.

Reply Children
No Data
Unfiltered HTML