Hello,
I'm not sure if this is a Sophos issue that cannot identify it, or if it is just a configuration issue.
I have been trying to find out how I can configure Sophos Central, for both workstations and servers, to identify and cure a malware named Trojan.Multi.GenAutorunWMI.a.
Most of the workstations and ALL servers were infected this week and I'm having to run another antimalware such as Kaspersky to remove it. Sophos seems never to identify it, but Kaspersky does. My concern about removing it with Kaspersky is that the devices can be infected again since Sophos endpoint is not aware of it and not blocking it.
The main symptom is high CPU consumption. A PowerShell keeps running a script that consumes 100% CPU. Another symptom, which we are still not sure is related, is that some workstations and servers (both physical and virtualized servers) suddenly restart for no reason.
If anyone is experiencing this issue and could share any remediation, I'll be thankful.
Thanks!
[locked by: FloSupport at 5:21 PM (GMT -7) on 4 Apr 2019]