Hopefully a simple question. Today I am seeing an alert for a malware detection for a customer, but the alert is just saying "Requires Attention", rather than something like "manual cleanup required". Does this just mean I need to have a look at what has been detected and decide if it is OK or not, and then take whatever action I deem necessary?
The full alert is "Malware 'ATK/SecDump-A' detected in network location '\\rc-nas-01\backup01\it_office1\email@example.com\ICT_OFFICE1\Data\C\Users\adminone\Downloads\impacket-master\impacket-master\examples\secretsdump (2022_01_28 15_26_55 UTC).py' requires attention"
From investigations I can see that it is something you probably wouldn't want on your network, but I'm just wondering why Sophos hasn't either cleaned it up automatically or told me to manually clean it up. Could it be because there is a chance it is a tool that someone could make use of legitimately, for example a network manager trying to fix some problem or other?
[edited by: Qoosh at 11:05 PM (GMT -8) on 2 Feb 2023]