
Sophos Virus Definitions

Is there a way to see all virus definitions currently in your database?

For example I have been asked if I can show we are covered for a certain virus (HPmal/EccKrpt-A) that has hit another LA.



  • What they were wanting to see was something that shows all definitions we currently have. So they could see that we are covered for this ransomware (Teslacrypt which seems to be definition Troj/TeslaC-AZ).

    But I'm guessing if we have updated since the Protection available since date from Sophos that's the way I can show we are covered for it? Or is there any other way?

  • Hello Lee Phipps,

    something that shows all definitions we currently have [to] see that we are covered for this ransomware 
    you're guessing correctly (IMO). Right now SAV boasts it can detect 11111593 objects. Whatever this number signifies given that more than a few detection items are generic. If you are up-to-date you can be sure that a certain detection item is available for the scanning engine. Thus the objects this item is able to detect will be detected, in other words - you are covered. But - and there's the rub - this does not mean Troj/TeslaC-AZ (and its siblings - note that the suffix -AZ suggests there are dozens of definitions for this "family") will detect all past and in particular future variants of Teslacrypt or yet different implementations of this kind of crime.

    IMO this is an unnecessary effort (arguably it was to some extent justified in the past). The more important points are

    1. your AV is up-to-date and you detect updating issues quickly
    2. your AV vendor issues timely updates that are applied as fast as possible
    3. there's always the chance that a certain piece of malware is not detected so you have to have procedures in place to recover from its actions

    Christian
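The reasoning in this thread (an endpoint is "covered" for a named detection identity once it has successfully updated after the "Protection available since" date, and point 1 above, that update failures need to be noticed quickly) can be turned into a small fleet check. The script below is an added example and is not Sophos code or anything from this thread's authors: the endpoint records, the "Protection available since" date for Troj/TeslaC-AZ and the staleness threshold are all constructed placeholders, and the update timestamps would in practice come from whatever reporting your management console exports.

```python
from datetime import datetime, timedelta, timezone

# Placeholder: the date the vendor lists as "Protection available since" for the
# detection identity. Constructed for this example, not taken from Sophos.
PROTECTION_AVAILABLE_SINCE = {
    "Troj/TeslaC-AZ": datetime(2016, 1, 1, tzinfo=timezone.utc),
}

# Constructed sample of (hostname, last successful definition update) records.
# A real run would read these from the management console's export.
SAMPLE_ENDPOINTS = [
    ("ws-01", "2016-02-10T08:15:00Z"),
    ("ws-02", "2015-12-20T17:40:00Z"),   # last update predates the identity
    ("ws-03", "2016-02-01T09:00:00Z"),   # has the identity, but not updating
    ("srv-01", None),                     # never reported an update at all
]

# Constructed "current time" so the example is reproducible offline.
SAMPLE_NOW = datetime(2016, 2, 11, 9, 0, tzinfo=timezone.utc)

# How long without a successful update before an endpoint counts as stale.
# Pick this to match your vendor's update cadence; 2 days is an assumption.
STALE_AFTER = timedelta(days=2)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp format used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess(endpoints, identity, now, stale_after=STALE_AFTER):
    """Classify each endpoint against one detection identity.

    "covered" only means the identity is present on the endpoint; as the thread
    notes, it says nothing about future variants the identity does not match.
    """
    since = PROTECTION_AVAILABLE_SINCE[identity]
    report = {}
    for host, last_update in endpoints:
        if last_update is None:
            report[host] = "no update recorded"
            continue
        updated = parse_ts(last_update)
        if updated < since:
            report[host] = "not covered: last update predates identity"
        elif now - updated > stale_after:
            # Identity is present, but the update pipeline is failing (point 1).
            report[host] = "covered but stale"
        else:
            report[host] = "covered"
    return report


def summarize(report):
    """Count endpoints per status so the result fits in a one-line answer."""
    counts = {}
    for status in report.values():
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    result = assess(SAMPLE_ENDPOINTS, "Troj/TeslaC-AZ", SAMPLE_NOW)
    for host, status in result.items():
        print(f"{host:8} {status}")
    print(summarize(result))
```

Run against the constructed records, the report distinguishes the three things the thread cares about: endpoints that genuinely lack the identity, endpoints that have it but have silently stopped updating, and endpoints that never reported at all. The stale and unreported cases are the ones that answer the "do we detect updating issues quickly" question.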