Hi,
We recently had a Coin Miner spread in our network.
This was performed by the infected machine dropping files into shared folders of other machines. Thankfully, Sophos does pick up the file once it is dropped; however, the RCA does not show the machine / network connection that dropped the file.
Why is this? Surely this should be part of what the Data Recorder service should capture for detection of lateral movement - or is Sophos not capable of this? (not great if so)