We got an alert this morning that it stopped a ransomware, but my only options are to mark it resolved or close it. I would like to find what click, process, action triggered the problem but I do not see anything in the logs that helps me. What am I doing wrong? What information do I need to provide the forum?
Hi Dave Goodrich
Intercept X provides you the Root Cause Analysis feature which allows you to view a list of infections. After clicking on one, you are directed to an overview page with a Summary about the threat including: Detection name, Root Cause, Possible Data involved, Where and When it took place.
For more information on the Root Cause Analysis feature, please have a read of KBA: Sophos Central: Root Cause Analysis overview
For more information on CryptoGuard detections and required actions, please have a read of KBA: Sophos Central Managed Server, Sophos Central Managed Endpoint: CryptoGuard detections and required actions
Hope that helps.
In reply to Karlos:
Duh, click on the file in the Artifacts list and a new pane opens on the right side. Thank you.
Sophos actually found a file left behind from a seven-year-old ransomware attack we experienced. We had removed and replaced from backup the affected files, but missed a directory. When a file from that directory was accessed this morning, Sophos caught it and stomped it.
As an aside, who decided that light grey on white was a good UI design? I am seeing that all over software and the internet and it is very, very hard to use. Just my Friday rant.