
Same file 2 machines 2 different endpoint responses

My network has 5 machines: 2 Windows Server 2008 R2 machines and 3 Linux Mint 17.1 machines.  One W2008 machine is the domain controller and the other exists to run Enterprise Console version 5.2.1 R2.  Sophos downloads and all machine updates of Sophos AV are controlled by the EC machine.

One of the Linux machines is used solely as a backup machine for the other 4 machines, and backups are done as scheduled tasks on each machine.  Ages ago, when my Windows XP machine was due to be retired, I copied across a load of files from the XP machine to the Server 2008 machine as a second backup with no problem.  An apparent problem only arose when I installed the Linux machine and started using it for backups.  5 and only 5 files from the XP backup set on my Windows server machine are flagged as Virus/Spyware by the Endpoint AV on the Linux machine, despite the same software finding no problem with those very same files on the Windows machine.


So - comments:

The versions of AV on both machines are the same and kept up to date automatically by Enterprise Console.

The files are bog standard system files or standard program files - nothing unusual.

I can't understand why Sophos AV on one machine complains and on another doesn't - so suggestions for how I can track down the problem would be very welcome.

It is irritating, rather than important, because they are only there as a backup and not actually in use.  Actually I could delete them without noticing it; but I don't like unexplained oddities.

David Cluley



  • Hi David,

    What are the files detected as? Are they in a zipped format or anything like that?

    Depending on your policy settings, maybe you have a few extra options selected for your Linux machine that pick up this detection where the policy for your Windows machine doesn't have those settings enabled.

    If you can provide some more information, like what type of files they are, I'm sure we can get to the bottom of this.

  • Hi Peter


    The files are not zipped - a straight copy.

    Detections are: Mal/Generic-S for

    xxx/WINDOWS/ServicePackFiles/i386/lang/imjpinst.exe;

    xxxWindows/Help?Tours/mmTour/tour.exe and

    xxx/Program Files/WinRAR/WinRAR.exe

    also Mal/EncPk-ADK for xxx/Program Files/Common Files/Microsoft Shared/OFFICE 12/RICHED20.DLL

    and Mal/Zbot-PA for xxx/Program Files/Borland/Delphi 3/BIN/dcc32.exe

    where xxx is shorthand for /home/david/NBak/WinDC/Edrive/dcxp_c

    Does that help?

    David Cluley

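Before chasing policy differences, the first thing to establish is whether the Linux host and the Windows host are actually scanning the same bytes: a copy that differs (a truncated or modified file) explains a different verdict on its own, while a byte-identical file flagged on only one host points at policy, engine or data-file differences of the kind Peter describes. The script below is an added example, not code from this thread or from Sophos. It builds a SHA-256 manifest of a backup tree on each machine and sorts the paths into those two cases plus a "missing on one side" bucket. The `SAMPLE_*` manifests and `FLAGGED_*` dictionaries are constructed for the demo (the hashes are of throwaway byte strings, not of the real files); only the path and detection names echo the thread.

```python
"""Added example (not from the thread or from Sophos): is a file that one
host flags really the same bytes as the copy the other host passes?

Assumed workflow: run manifest() over the backup tree on each machine, bring
the two dicts together (for example as JSON), and call compare() with each
host's list of detections. Everything under SAMPLE_*/FLAGGED_* is constructed
for the demo; only the path names and detection names echo the thread.
"""
import hashlib
import os
from typing import Dict, List, Tuple


def sha256_file(path: str) -> str:
    """Stream the file through SHA-256 so large backup sets fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: str) -> Dict[str, str]:
    """Map every file under root (relative path, forward slashes) to its hash."""
    out: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Normalise separators so a Windows tree and a Linux copy compare equal.
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_file(full)
    return out


def compare(man_a: Dict[str, str], man_b: Dict[str, str],
            flagged_a: Dict[str, str], flagged_b: Dict[str, str]) -> Dict[str, list]:
    """Sort paths into three buckets that call for different follow-up.

    content_differs     : present on both hosts but the bytes differ, so the
                          two scanners never saw the same file (check the copy).
    identical_one_sided : byte-identical on both hosts yet flagged on only one,
                          which points at policy, engine or data-file differences.
    missing             : path exists on only one host.
    """
    differs: List[str] = []
    one_sided: List[Tuple[str, str]] = []
    missing: List[str] = []
    for path in sorted(set(man_a) | set(man_b)):
        if path not in man_a or path not in man_b:
            missing.append(path)
            continue
        if man_a[path] != man_b[path]:
            differs.append(path)
            continue
        name = flagged_a.get(path) or flagged_b.get(path)
        if name and (path in flagged_a) != (path in flagged_b):
            one_sided.append((path, name))
    return {"content_differs": differs,
            "identical_one_sided": one_sided,
            "missing": missing}


def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample manifests standing in for the Windows (A) and Linux (B)
# hosts; the hashes are of throwaway byte strings, not of the real files.
IMJPINST = "WINDOWS/ServicePackFiles/i386/lang/imjpinst.exe"
WINRAR = "Program Files/WinRAR/WinRAR.exe"
DCC32 = "Program Files/Borland/Delphi 3/BIN/dcc32.exe"
SAMPLE_A = {IMJPINST: _h(b"imjpinst sample"),
            WINRAR: _h(b"winrar sample"),
            DCC32: _h(b"dcc32 sample")}
SAMPLE_B = {IMJPINST: _h(b"imjpinst sample"),
            WINRAR: _h(b"winrar sample, truncated"),   # copy differs
            DCC32: _h(b"dcc32 sample"),
            "extra/only_on_linux.txt": _h(b"extra")}
FLAGGED_A: Dict[str, str] = {}                       # Windows host flags nothing
FLAGGED_B = {IMJPINST: "Mal/Generic-S", WINRAR: "Mal/Generic-S"}

if __name__ == "__main__":
    for bucket, items in compare(SAMPLE_A, SAMPLE_B, FLAGGED_A, FLAGGED_B).items():
        print(bucket, items)
```

On each host the manifest would be built with `manifest()` over the backup root (on the Linux side the `/home/david/NBak/WinDC/Edrive/dcxp_c` prefix the thread abbreviates as xxx, on the Windows side the folder the copy came from); because only relative paths and hashes are compared, the two roots need not match. Anything that lands in `content_differs` should be re-copied before the detection is investigated further; anything in `identical_one_sided` is a genuine scanner-side difference worth raising with the two policies side by side.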