Misses catch of eicar test

Dear Sophos team,


I am wondering why Sophos did not detect the EICAR test in the website test after downloading the test file (eicar.com.txt), even though the default navigator is selected under Sophos for checking the link!


The test website is: http://www.eicar.org/download/eicar.com.txt


Could you please tell us how you can solve that issue?


Thanks in advance.


Lair_r

  • Hi Laid_r,

    I have just now tested the above Eicar test on our test mobile and the files were detected without any delay.

    Please go to this website and download the eicar.com.txt file from there.

    As soon as the file download is completed, files will be detected by Sophos Intercept X for mobile.

  • In reply to Jasmin:

    Dear Jasmin,

    I tried the link and it works with the default navigator; but believe me, I tried the same link under the Opera browser, and Sophos missed all the downloaded files and caught some of them only after the full scan, and it is still missing the zipped files. I have attached here a picture showing the downloaded files, a picture of those caught only after the full scan, and other images showing an example of Dr web antivirus Android: one when it is active with issues and the last one when it is activated and secured.

    Could you please give me the reason why Sophos missed them under the Opera browser?

    Thanks in advance.

    Lair_r

  • In reply to Laid_r:

    Hi  

    I have tested the same scenario under the Opera browser and it is being detected by Sophos Mobile. Could you please re-scan and check once?

  • In reply to Shweta:

    Dear Shweta,

    I redid the exercise using the Opera Android browser and, believe me, I have the same results; here I have attached two images: the first one contains the downloaded files, and the second one contains what Sophos has caught.

    As another check I ran a full scan and found the same thing; it is still missing the zipped files.

    Could you please recheck this issue?

    Thanks in advance.

    Lair_r

  • In reply to Laid_r:

    Hi  

    If the zip files have been downloaded directly through an HTTPS link, then Sophos Intercept X for mobile will not do the file scanning, as the file data will be in encrypted form.

    However, Sophos Intercept X for mobile will block a website which is in the block list even if it has been accessed with its HTTPS link.

    If you try to unzip those files, Sophos Intercept X for mobile will automatically detect the original Eicar file.

  • In reply to Jasmin:

    Dear Jasmin,

    Many thanks for your reply, but the issue remains: even after I opened the zipped files after downloading, Sophos could not catch them. I have attached here the downloaded zip files and 02 zip files opened by the WinRAR application, with no notification from Sophos. See the last image of the Sophos home page.

    Could you please look at this issue with your team in order to solve it with an update of this version?

    In addition, I suggest, if it's possible, adding a custom scan so that at least we could run it for the external or internal storage.

    Finally, I just need to mention that I have long used Sophos endpoint and security under Windows at work in our business company, Sophos Home free edition under Windows on my personal laptop, and Sophos mobile security on my smartphone, and I appreciate the value of protection for all of them; I would like to keep this in mind, because really all Sophos products are worth using.

    Thanks in advance.

    Lair_r

  • In reply to Laid_r:

    Hi  

    Thank you for the nice gesture and appreciation for the products you are using.

    I just tested the scenario on my testing phone. Many times, Intercept X for mobile will not show the prompt for the detection and the action. If you open Intercept X for mobile, it has already detected it and you can perform the required action from there. Even if it goes undetected (this happened 1 out of 10 times because I was continuously unzipping the file), the manual scan detected it.

    Even if you are not doing any manual scanning, the file will be detected through Intercept X for mobile whenever it is accessed by you or by any other application.
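
To confirm independently which downloaded test files actually carry the EICAR string, including ones wrapped in one or more zip layers as discussed in this thread, the following is an added example and not code from Sophos or from any participant. The function names, the limits and the in-memory sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# The standard 68-byte EICAR test string, split in two so that this script
# is not itself flagged as the test file.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 4              # assumed limit on archive nesting
MAX_MEMBER = 1024 * 1024   # assumed limit: skip members declared larger than 1 MiB


def find_eicar(data, name, depth=0):
    """Return 'outer!inner' style paths of every item that starts with EICAR."""
    if data.startswith(EICAR):
        return [name]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                try:
                    member = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue  # encrypted, unsupported or corrupt member: not inspectable
                hits += find_eicar(member, f"{name}!{info.filename}", depth + 1)
    return hits


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; constructed sample data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


def demo():
    """Run the check over constructed samples: plain, zipped, double-zipped, clean."""
    inner = make_zip({"eicar.com": EICAR})
    outer = make_zip({"nested.zip": inner, "readme.txt": b"harmless"})
    return {
        "plain": find_eicar(EICAR, "eicar.com.txt"),
        "zip": find_eicar(inner, "single.zip"),
        "nested": find_eicar(outer, "double.zip"),
        "clean": find_eicar(b"hello", "note.txt"),
    }


if __name__ == "__main__":
    for label, paths in demo().items():
        print(label, paths)
```

To check real downloads, read each file's bytes and pass them to `find_eicar` together with the file name; any path it returns is one the scanner should also report.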