This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

We just had our first hit for cryptoguard.

We got an alert this morning that it stopped a ransomeware, but my only options are to mark it resolved or close it. I would like to find what click, process, action triggered the problem but I do not see anything in the logs that helps me. What am I doing wrong, what information do I need to provide the forum?

DAve

This thread was automatically locked due to age.

Karlos over 6 years ago

Hi Dave Goodrich

Intercept X provides you the Root Cause Analysis feature which allows you to view a list of infections. After clicking on one, you are directed to an overview page with a Summary about the threat including: Detection name, Root Cause, Possible Data involved, Where and When it took place.

For more information on the Root Cause Analysis feature, please have a read of KBA: Sophos Central: Root Cause Analysis overview

For more information on Cryptoguard detections and required actions, please have a read of KBA: Sophos Central Managed Server, Sophos Central Managed Endpoint: CryptoGuard detections and required actions

Hope that helps.

Cheers,

Karlos

Karlos
Community Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
Dave Goodrich over 6 years ago in reply to Karlos

Duh, click on the file in the Artifacts list and a new pane opens on the right side. Thank you.

Sophos actually found a file left behind from a seven year old Ransomeware attack we experienced. We had removed and replaced from backup the affected files, but missed a directory. When a file from that directory was accessed this morning, Sophos caught it and stomped it

As an aside, who decided that light grey on white was a good UI design? I am seeing that all over software and the internet and it is very very hard to use. Just my Friday rant.

Thanks,

DAve
Cancel
Vote Up 0 Vote Down

Cancel