Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 4078 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Malware Removal

Christopher Ong

Good morning fellow Sophos Users,

I've just recently been attacked by a malware by disabling tamper protection. For some reason it went to our Sophos Central and disabled internet connections and usb usage. After cleaning the compromised device source and fixing a few policy on the firewall. 

 

Everytime we browse our sophos endpoint solution show this

Are we still infected by the malware?



This thread was automatically locked due to age.
  • 0

    Hi Christoper,

    You will need to provide more information about the infection you had for us to provide any advice on it.

    Your screenshot is just showing websites that are categorized as advertising being blocked, so I suspect you are just using the web control feature to block adverts and that is why you see those when you browse the internet.

  • 0 in reply to PeterM

    On our XG Firewall we barely have any policy regarding web control features, just your normal Adult Sites/Streaming/Social but this happened when i'm browsing on google. Before we were hit by a malware by one of the devices connected through our Sophos Central, our endpoint doesn't show reports like this. Although we managed to clean the device and formatted it, before it was cleaned, our XG Firewall was behaving unusual as it disconnected people trying to connect to the WIFI and disabled USB media usage. Now it does as the screenshot shows. 

  • +1 in reply to Christopher Ong

    The websites being blocked are because of a web control policy in your Sophos Central console, please login to the console and go to: Endpoint Protection > Policies > Web Control > (Select the policy you are using) > Settings. Under the additional security options there is the setting to block advertisements, which the url's in your screenshot are categorized. What you are seeing isn't malware related, just a feature to block adverts from displaying while you are browsing. 

     

Unfiltered HTML