Hi All,
One of our potential customers asked us what Sophos Intercept X Advanced (cloud version) does when it detects a file as infected. According to me it follows this process but I am not sure that is correct.
Step 1 - It will block access to the file.
Step 2 - It will try to clean up the file (if automatic cleanup is enabled).
Step 3 - If cleanup fails then it will ask for manual cleanup.
I want to understand what CLEANUP means. Will it remove the infected part and restore the original file (very improbable, as the virus could have messed with the file), OR does it directly go for deletion of the file?
If some important file is infected, will Sophos directly delete the entire file? (I say this because I tested this on one file and Sophos just deleted it, and it says threats cleaned up.) Does Cleanup = Delete OR block access OR disinfect?
Can someone please help me to understand the sequence of decisions taken by Sophos on finding an infected file?
I saw one explanation by QC in this thread too: