This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AVGator

I was reading about a new vulnerability in AV programs, AVGator. In short, the attack works like this: A malicious file is delivered to the host, the AV catches the malicious file and quarantines the file, the attacker manipulates NTFS to restore the process, a DLL sideloading attack then launched, the malicious code is able to run as the system.

Six major AV vendors have fixed the issue; however, the issue has not been addressed by seven vendors. Those seven vendors were not named in the article. I'm curious if Sophos is vulnerable to this attack or not? Or if Sophos is aware of the issue and is working on fixing it.

arstechnica.com/.../

This thread was automatically locked due to age.

Karlos over 6 years ago

Hi Keith,

Thanks for reaching out. In fact we are aware of the new AVGator vulnerability & our AV would not be affected by it. Have a read at our KB Article: Sophos Anti-virus and AVGator vulnerability

Cheers,
Karlos

Karlos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
Keith Russell over 6 years ago in reply to Karlos

Karlos,

That was a quick response from Sophos, I did a search this morning and it wasn't there. It's good to know that this is a mitigated risk.
Cancel
Vote Up 0 Vote Down

Cancel
QC over 6 years ago in reply to Keith Russell

Hello Keith Russell,

a mitigated risk
it wasn't a risk in the first place as there's never been a restore from quarantine.

Christian
Cancel
Vote Up 0 Vote Down

Cancel